WebSphere Application Server for z/OS, Version 6.1   
             オペレーティング・システム: z/OS


例: RMI_OUTBOUND のログイン構成のサンプル

この例は、レルム名が 2 つのサーバー間で一致するかどうかを判別する RMI_OUTBOUND のサンプル・ログイン構成を示します。

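/**
 * Sample RMI_OUTBOUND login module that maps the outbound identity when the
 * target server's realm differs from the current server's realm.
 *
 * During login() the module asks the callback handler for the RMI (CSIv2)
 * protocol policy, compares the target and current realm names, and, when they
 * differ, logs in to "WSLogin" with a user ID and password obtained from a
 * custom mapping. During commit() the contents of the outbound Subject are
 * replaced with the contents of the mapped Subject.
 *
 * Every failure is reported as a WSLoginFailedException so that a failed
 * policy lookup or mapping can never fall through to an outbound request that
 * carries the unmapped identity.
 *
 * MyMappingLogin and MyBasicAuthDataObject stand for your own mapping code.
 * The object they return carries a clear-text password: do not log it and do
 * not place it in exception messages.
 *
 * As in the original listing, import statements are omitted.
 */
public class customLoginModule implements javax.security.auth.spi.LoginModule
{
	/**
	 * Stores the Subject and the callback handler for use in login() and commit().
	 * (For more information on what to do during initialization, see
	 * "Custom login module development for a system login configuration".)
	 *
	 * @param subject         the temporary outbound Subject for this invocation
	 * @param callbackHandler handler used to obtain the protocol policy
	 * @param sharedState     state shared with other login modules (not used here)
	 * @param options         options configured for this module (not used here)
	 */
	public void initialize(Subject subject, CallbackHandler callbackHandler,
		Map sharedState, Map options)
	{
		// login() and commit() read these, so they must be kept.
		this.subject = subject;
		this.callbackHandler = callbackHandler;
	}

	/**
	 * Checks whether the target realm matches the current realm and, if it does
	 * not, logs in with the mapped user ID and password for the target realm.
	 * (For more information on what to do during login, see
	 * "Custom login module development for a system login configuration".)
	 *
	 * @return true when the module completed its checks (with or without a mapping)
	 * @throws LoginException if the policy cannot be obtained, no mapping is
	 *         available, or the mapped login fails
	 */
	public boolean login() throws LoginException
	{
		// Discard anything left over from an earlier attempt on this instance.
		basic_auth_subject = null;

		if (callbackHandler == null)
		{
			throw new com.ibm.websphere.security.auth.WSLoginFailedException(
				"No callback handler was supplied to the login module");
		}

		// Gets the WSProtocolPolicyCallback object
		Callback callbacks[] = new Callback[1];
		callbacks[0] = new com.ibm.wsspi.security.auth.callback.
			WSProtocolPolicyCallback("Protocol Policy Callback: ");

		try {
			callbackHandler.handle(callbacks);
		}
		catch (Exception e)
		{
			// Fail the login: continuing without the policy would skip the realm check.
			throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getMessage(), e);
		}

		// Receives the RMI (CSIv2) policy object for checking the target realm
		// based upon information from the IOR.
		// Note: This object can be used to perform additional security checks.
		// See the application programming interface (API) documentation for
		// more information.
		csiv2PerformPolicy = (com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy)
			((com.ibm.wsspi.security.auth.callback.WSProtocolPolicyCallback) callbacks[0]).getProtocolPolicy();
		if (csiv2PerformPolicy == null)
		{
			throw new com.ibm.websphere.security.auth.WSLoginFailedException(
				"The protocol policy is not available from the callback handler");
		}

		String targetRealm = csiv2PerformPolicy.getTargetSecurityName();
		if (targetRealm == null)
		{
			throw new com.ibm.websphere.security.auth.WSLoginFailedException(
				"The target realm is not available from the protocol policy");
		}

		// Checks if the realms do not match. If they do not match, then log in to
		// perform a mapping
		if (!targetRealm.equalsIgnoreCase(csiv2PerformPolicy.getCurrentSecurityName()))
		{
			// Do some custom realm -> user ID and password mapping
			MyBasicAuthDataObject myBasicAuthData = MyMappingLogin.lookup(targetRealm);
			if (myBasicAuthData == null)
			{
				// NOTE(review): assumes lookup() signals "no mapping" with null; confirm
				// against your mapping code. The message names the realm only.
				throw new com.ibm.websphere.security.auth.WSLoginFailedException(
					"No outbound mapping is defined for target realm " + targetRealm);
			}

			try {
				// Creates the login context with basic authentication data gathered from
				// custom mapping
				javax.security.auth.login.LoginContext ctx = new LoginContext("WSLogin",
					new WSCallbackHandlerImpl(myBasicAuthData.userid,
						targetRealm,
						myBasicAuthData.password));

				// Starts the login
				ctx.login();

				// Gets the Subject from the context. This subject is used to replace
				// the passed-in Subject during the commit phase.
				basic_auth_subject = ctx.getSubject();
			}
			catch (javax.security.auth.login.LoginException e)
			{
				throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getMessage(), e);
			}
		}

		return true;
	}

	/**
	 * Replaces the contents of the outbound Subject with the mapped Subject
	 * created during login(), if a mapping was performed.
	 * (For more information on what to do during commit, see
	 * "Custom login module development for a system login configuration".)
	 *
	 * @return true when the commit completed
	 * @throws LoginException if the Subject cannot be updated
	 */
	public boolean commit() throws LoginException
	{
		if (basic_auth_subject != null)
		{
			if (subject == null)
			{
				throw new com.ibm.websphere.security.auth.WSLoginFailedException(
					"No Subject was supplied to the login module");
			}

			// Removes everything from the current Subject and adds everything from the
			// basic_auth_subject
			try {
				// Final copies so that the anonymous class below can read them.
				final Subject outbound_subject_priv = subject;
				final Subject basic_auth_subject_priv = basic_auth_subject;

				// Do this in a doPrivileged code block so that application code
				// does not need to add additional permissions
				java.security.AccessController.doPrivileged(new java.security.PrivilegedExceptionAction<Object>()
				{
					public Object run() throws com.ibm.websphere.security.auth.WSLoginFailedException
					{
						// Removes everything user-specific from the current outbound
						// Subject. This is a temporary Subject for this specific invocation
						// so you are not affecting the Subject set on the thread. You may
						// keep any custom objects that you want to propagate in the Subject.
						// This example removes everything and adds just the new information
						// back in.
						try
						{
							outbound_subject_priv.getPublicCredentials().clear();
							outbound_subject_priv.getPrivateCredentials().clear();
							outbound_subject_priv.getPrincipals().clear();
						}
						catch (Exception e)
						{
							throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getMessage(), e);
						}

						// Adds everything from basic_auth_subject into the login subject.
						// This completes the mapping to the new user. If this step fails,
						// the Subject stays empty and the commit fails.
						try
						{
							outbound_subject_priv.getPublicCredentials().addAll(basic_auth_subject_priv.getPublicCredentials());
							outbound_subject_priv.getPrivateCredentials().addAll(basic_auth_subject_priv.getPrivateCredentials());
							outbound_subject_priv.getPrincipals().addAll(basic_auth_subject_priv.getPrincipals());
						}
						catch (Exception e)
						{
							throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getMessage(), e);
						}

						return null;
					}
				});
			}
			catch (PrivilegedActionException e)
			{
				throw new com.ibm.websphere.security.auth.WSLoginFailedException(e.getException().getMessage(), e.getException());
			}

			// The mapped credentials now live in the outbound Subject; drop the extra reference.
			basic_auth_subject = null;
		}

		return true;
	}

	/**
	 * Discards the state collected during login() when the overall login fails.
	 *
	 * @return true after the module state has been cleared
	 */
	public boolean abort() throws LoginException
	{
		csiv2PerformPolicy = null;
		basic_auth_subject = null;
		return true;
	}

	/**
	 * Discards the module's own state. The outbound Subject itself is left
	 * untouched here.
	 *
	 * @return true after the module state has been cleared
	 */
	public boolean logout() throws LoginException
	{
		csiv2PerformPolicy = null;
		basic_auth_subject = null;
		return true;
	}

	// Defines your login module variables
	private Subject subject = null;
	private CallbackHandler callbackHandler = null;
	com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy csiv2PerformPolicy = null;
	javax.security.auth.Subject basic_auth_subject = null;
}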



関連タスク
異なるターゲット・レルムへのアウトバウンド・マッピングの構成
関連資料
システム・ログイン構成用のカスタム・ログイン・モジュール開発
参照トピック    


最終更新: Jan 21, 2008 9:12:22 PM EST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/xsec_samprmiinbound.html