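Developing JAAS custom login modules for database authentication

You can develop a Java™ Authentication and Authorization Service (JAAS) custom login module to add the user name and password that are used to authenticate to the database.

About this task

You can develop a JAAS custom login module that is called when a database connection that requires authentication is created. The JAAS custom login module creates a password credential that contains the user name, the password, and the managed connection factory. The login module must add the password credential to the private credentials set of the subject, which is used to authenticate to the database.

Procedure

  1. Create a class that implements the javax.security.auth.spi.LoginModule interface.
  2. Save the required fields in the initialize method. For example: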
    /** {@inheritDoc} */
    @SuppressWarnings("unchecked")
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
      this.callbackHandler = callbackHandler;
      this.subject = subject;
      this.sharedState = (Map<String, Object>) sharedState;
      this.options = options;
    }
  3. Handle the WSManagedConnectionFactoryCallback and WSMappingPropertiesCallback callbacks in the login method. For example:
    /** {@inheritDoc} */
    @Override
    public boolean login() throws LoginException {
      ...
      Callback callbacks[] = new Callback[2];
      callbacks[0] = new WSManagedConnectionFactoryCallback("Target ManagedConnectionFactory: ");
      callbacks[1] = new WSMappingPropertiesCallback("Mapping Properties (HashMap): ");
      callbackHandler.handle(callbacks);
  4. Obtain the managed connection factory and the properties in the login method. For example:
    // The method getManagedConnectionFactory must be used as shown for compatibility with WebSphere traditional
    ManagedConnectionFactory managedConnectionFactory = ((WSManagedConnectionFactoryCallback) callbacks[0]).getManagedConnectionFacotry();
    Map properties = ((WSMappingPropertiesCallback) callbacks[1]).getProperties();
  5. Obtain the user name and password based on the authentication data alias or some other criteria. For example:
    String alias = (String) properties.get(com.ibm.wsspi.security.auth.callback.Constants.MAPPING_ALIAS);
    String user = getUser(alias); // Implementation specific
    char[] password = getPassword(alias); // Implementation specific
  6. Create a javax.resource.spi.security.PasswordCredential object with the user name and password, and set the managed connection factory. For example:
    javax.resource.spi.security.PasswordCredential passwordCredential = new PasswordCredential(user, password);
    passwordCredential.setManagedConnectionFactory(managedConnectionFactory);
  7. Add the password credential to the subject in the commit method. For example:
    /** {@inheritDoc} */
    @Override
    public boolean commit() throws LoginException {
      // Verify that the login was successful before adding the PasswordCredential to the subject.
      subject.getPrivateCredentials().add(passwordCredential);
      return true;
    }
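
The steps above assembled into one login module, as an added example that is not IBM's code. The class name DbLoginModule, the abstract getUser and getPassword lookups, and the com.ibm.wsspi.security.auth.callback package for the two WS callbacks are assumptions; getManagedConnectionFacotry is spelled as on this page. It goes beyond the steps by failing closed in login(), publishing the credential only after a successful login, and removing it again in abort() and logout().

```java
import java.io.IOException;
import java.util.Map;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.wsspi.security.auth.callback.*; // assumed package of the WS* callbacks

public abstract class DbLoginModule implements LoginModule { // added example, hypothetical name
  private Subject subject;
  private CallbackHandler callbackHandler;
  private PasswordCredential passwordCredential; // non-null only after a successful login()
  protected abstract String getUser(String alias);     // hypothetical, implementation specific
  protected abstract char[] getPassword(String alias); // hypothetical, implementation specific

  @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
    subject = s; callbackHandler = h;
  }

  @Override public boolean login() throws LoginException {
    passwordCredential = null; // never carry a credential over from an earlier attempt
    Callback[] callbacks = { new WSManagedConnectionFactoryCallback("Target ManagedConnectionFactory: "),
        new WSMappingPropertiesCallback("Mapping Properties (HashMap): ") };
    try { callbackHandler.handle(callbacks); }
    catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
    ManagedConnectionFactory mcf = ((WSManagedConnectionFactoryCallback) callbacks[0]).getManagedConnectionFacotry();
    Map<?, ?> props = ((WSMappingPropertiesCallback) callbacks[1]).getProperties();
    String alias = props == null ? null : (String) props.get(Constants.MAPPING_ALIAS);
    String user = getUser(alias);
    char[] password = getPassword(alias);
    if (mcf == null || user == null || password == null) throw new LoginException("no credential for alias");
    passwordCredential = new PasswordCredential(user, password);
    passwordCredential.setManagedConnectionFactory(mcf);
    return true;
  }

  @Override public boolean commit() {
    if (passwordCredential == null) return false; // login() failed: publish nothing
    subject.getPrivateCredentials().add(passwordCredential);
    return true;
  }
  @Override public boolean abort() { return passwordCredential != null && logout(); }
  @Override public boolean logout() {
    if (passwordCredential != null) subject.getPrivateCredentials().remove(passwordCredential);
    passwordCredential = null;
    return true;
  }
}
```

JAAS instantiates login modules through a public no-argument constructor, so the class that is configured must be a concrete subclass that implements the two lookups.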

Last updated: Tuesday, 6 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twlp_dev_jaas_custom_login_module
File name: twlp_dev_jaas_custom_login_module.html