j-sec2-3-13.html

java安全－论证授权

<tr valign="bottom">
<a name="navskip"></a><td height="25" colspan="4"><img alt="3.JAAS 中的认证" src="imagemaster/titlebar3.jpg" border="0" height="25" width="562"></td>
</tr>
<tr>
<td bgcolor="ffffff" width="15">&nbsp;</td><td bgcolor="ffffff" width="12">&nbsp;</td><td valign="top" align="left" bgcolor="ffffff" width="*">
<p>
<br>
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td width="90%"><font size="4" face="Verdana, Arial, Helvetica"><b>PasswordLoginModule</b></font></td><td width="200" align="right"><font size="1" face="Verdana, Arial, Helvetica"><nobr>   第 13 页（共13 页）</nobr></font></td>
</tr>
</table>
<br>
<br>
</p>
<font size="2" face="Verdana, Arial, Helvetica">
<p> 
<code>PasswordLoginModule</code> 使用 <code>NameCallback</code> 来获取用户名并使用
<code>PasswordCallback</code> 来获取密码。如果用户名是&ldquo;joeuser&rdquo;，密码是&ldquo;joe&rdquo;，
则该认证将成功。</p>
<pre>
<code style="font-family: Courier New, Courier, monospace; font-size: 12">
import java.security.*;
import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import java.io.*;
import java.util.*;
//
// This is a JAAS Login Module that requires both a username and a  
// password. The username must equal the hardcoded "joeuser" and 
// the password must match the hardcoded "joeuserpw". 
public class
PasswordLoginModule implements LoginModule {

     private <code>Subject</code> subject;
     private <code>Principal</code> principal;
     private CallbackHandler callbackHandler;
     private String username;
     private char[] password;
     private boolean loginSuccess;
     //
     // Initialize sets up the login module.  sharedState and options are
     // advanced features not used here
     public void initialize(<code>Subject</code> sub, CallbackHandler cbh,
       Map sharedState,Map options) {

       subject = sub;
       callbackHandler = cbh;
       loginSuccess = false;
       username = null;
       clearPassword();
     }
     //
     // The login phase gets the userid and password from the user and
     // compares them to the hardcoded values "joeuser" and "joeuserpw".
     public boolean login() throws LoginException {
       //
       // Since we need input from a user, we need a callback handler
       if (callbackHandler == null) {
          throw new LoginException("No CallbackHandler defined");
       }
       Callback[] callbacks = new Callback[2];
       callbacks[0] = new NameCallback("Username");
       callbacks[1] = new PasswordCallback("Password", false);
       //
       // Call the callback handler to get the username and password
       try {
         System.out.println( "\nPasswordLoginModule Login" );
         callbackHandler.handle(callbacks);
         username = ((NameCallback)callbacks[0]).getName();
         char[] temp = ((PasswordCallback)callbacks[1]).getPassword();
         password = new char[temp.length];
         System.arraycopy(temp, 0, password, 0, temp.length);
         ((PasswordCallback)callbacks[1]).clearPassword();
       } catch (IOException ioe) {
         throw new LoginException(ioe.toString());
       } catch (UnsupportedCallbackException uce) {
         throw new LoginException(uce.toString());
       }
       System.out.println();
       //
       // If username matches, go on to check password
       if ( "joeuser".equals(username)) {
         System.out.println
           ( "Login: PasswordLoginModule Username Matches" );
         if ( password.length == 5 &amp;&amp;
             password[0] == 'j' &amp;&amp;
             password[1] == 'o' &amp;&amp;
             password[2] == 'e' &amp;&amp;
             password[3] == 'p' &amp;&amp;
             password[4] == 'w' ) {
           //
           //If userid and password match, then login is a success
           System.out.println
             ( "Login: PasswordLoginModule Password Matches" );
           loginSuccess = true;
           System.out.println
             ( "Login: PasswordLoginModule SUCCESS" );
           clearPassword();
           return true;
         } else {
           System.out.println
            ( "Login: PasswordLoginModule Password Mismatch" );
         }
       } else {
         System.out.println( "Login: PasswordLoginModule Username Mismatch" );
       }
       //
       // If either mismatch, then this login module fails

       loginSuccess = false;
       username = null;
       clearPassword();
       System.out.println( "Login: PasswordLoginModule FAIL" );
       throw new FailedLoginException();
     }
     //
     // The commit phase adds the principal if both the overall 
     // authentication succeeds (which is why commit was called) 
     // as well as this particular login module
     public boolean commit() throws LoginException {

       //
       // Check to see if this login module succeeded
       if (loginSuccess == false) {
         System.out.println( "Commit: PasswordLoginModule FAIL" );
         return false;
       }
       // If this login module succeeded too, then add the new principal
       // to the subject (if it does not already exist)
       principal = new PrincipalImpl(username);
       if (!(subject.getPrincipals().contains(principal))) {
         subject.getPrincipals().add(principal);
       }
       username = null;
       System.out.println( "Commit: PasswordLoginModule SUCCESS" );
       return true;
     }
     //
     // The abort phase is called if the overall authentication fails, so
     // we have to cleanup the internal state
     public boolean abort() throws LoginException {

       if (loginSuccess == false) {
         System.out.println( "Abort: PasswordLoginModule FAIL" );
         principal = null;
         username = null;
         return false;
       }
       System.out.println( "Abort: PasswordLoginModule SUCCESS" );
       logout();
       return true;
     }
     //
     // The logout phase cleans up the state
     public boolean logout() throws LoginException {
       subject.getPrincipals().remove(principal);
       loginSuccess = false;
       username = null;
       principal = null;
       System.out.println( "Logout: PasswordLoginModule SUCCESS" );
       return true;
     }
     //
     // Private helper function to clear the password, a good programming
     // practice
     private void clearPassword() {
       if (password == null) {
         return;
       }
       for (int i=0;i&lt;password.length;i++) {
         password[i] = ' ';
       }
       password = null;
     }
}
</code>
</pre>
<br>
</font></td>
</tr>
</table>
<TABLE border="0" cellpadding="0" cellspacing="0" width="100%">
<TR>
<TD align="right" colspan="6"><a border="0" onMouseOver="iOver('topnextsection'); iOver('bottomnextsection'); self.status=nextsectionblurb; return true;" onMouseOut="iOut('topnextsection'); iOut('bottomnextsection'); self.status=''; return true;" href="j-sec2-4-1.html"><img alt="下一章" src="../i/nextsection.gif" border="0" name="bottomnextsection"></a></TD>
</TR>
<TR>
<TD width="100%" colspan="5"></TD><TD width="108" height="1" bgcolor="#000000" align="right"><IMG alt="" height="1" width="108" src="../i/c.gif"></TD>
</TR>
<TR>
<TD background="../i/sw-gold.gif"><a border="0" href="index.html" onMouseOver="iOver('topmain'); iOver('bottommain'); self.status=mainblurb; return true;" onMouseOut="iOut('topmain'); iOut('bottommain'); self.status=''; return true;"><img alt="主菜单" border="0" src="../i/main.gif" name="bottommain"></a></TD><TD background="../i/sw-gold.gif"><a border="0" onMouseOver="iOver('topsection'); iOver('bottomsection'); self.status=sectionblurb; return true;" onMouseOut="iOut('topsection'); iOut('bottomsection'); self.status=''; return true;" href="index3.html"><img alt="章节菜单" border="0" src="../i/section.gif" name="bottomsection"></a></TD><TD background="../i/sw-gold.gif"><a border="0" onMouseOver="iOver('topfeedback'); iOver('bottomfeedback'); self.status=feedbackblurb; return true;" onMouseOut="iOut('topfeedback'); iOut('bottomfeedback'); self.status=''; return true;" href="j-sec2-6-3.html"><img alt="给出此教程的反馈意见" border="0" src="../i/feedback.gif" name="bottomfeedback"></a></TD><TD width="100%" background="../i/sw-gold.gif"><img alt="" src="../i/c.gif"></TD><TD background="../i/sw-gold.gif"><a border="0" onMouseOver="iOver('topprevious'); iOver('bottomprevious'); self.status=previousblurb; return true;" onMouseOut="iOut('topprevious'); iOut('bottomprevious'); self.status=''; return true;" href="j-sec2-3-12.html"><img alt="上页" border="0" src="../i/previous.gif" name="bottomprevious"></a></TD><TD background="../i/sw-gold.gif"><img alt="" border="0" src="../i/xnext.gif"></TD>
</TR>
<TR>
<TD width="150" height="1" bgcolor="#000000" colspan="6"><IMG alt="" height="1" width="150" src="../i/c.gif"></TD>
</TR>
</TABLE>
<TABLE width="100%" cellpadding="0" cellspacing="0" border="0">
<TR>
<TD width="100%">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td><img alt="" height="1" width="1" src="../i/c.gif"></td>
</tr>
<tr valign="top">
<td class="bbg" height="21">　<a class="mainlink" href="/developerWorks/cn/cgi-bin/click.cgi?url=http://www-900.ibm.com/cn/ibm/index.shtml">关于 IBM</a><span class="divider">　| </span><a class="mainlink" href="/developerWorks/cn/cgi-bin/click.cgi?url=http://www-900.ibm.com/cn/ibm/privacy/index.shtml">隐私条约</a><span class="divider">　| </span><a class="mainlink" href="/developerWorks/cn/cgi-bin/click.cgi?url=http://www-900.ibm.com/cn/ibm/legal/index.shtml">法律条款</a><span class="divider">　| </span><a class="mainlink" href="/developerWorks/cn/cgi-bin/click.cgi?url=http://www-900.ibm.com/cn/ibm/contact/index.shtml">联系 IBM</a></td>
</tr>
</table>
</TD>
</TR>
</TABLE>
</body>
</html>