loginclientutil.java

一个非常好的FRAMWRK!是一个外国组织做的!不!

/**
 * Copyright 2003-2005 the original author or authors.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

package com.jdon.security.ejb;

import com.jdon.util.Debug;
import javax.security.auth.Subject;
import java.security.Principal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.callback.CallbackHandler;

import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationHandler;

/**
 * please config Login.Module.Name in web.xml
 *
 * 该方法login只对EJB访问有效，login方法实行后，可以访问被授权的EJB了。
 * 该类适合肥客户端等通过RMI对EJB实行访问。
 * 1. 在login-config.xml配置ClientLoginModule（缺省）
 * 2. 在login-config.xml中配置Login.Module.Name ，如下，这样和自己的数据库
 *    实现了联系：
 *  <application-policy name = "SecurityRealm">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"  flag = "required">
             <module-option name = "dsJndiName">java:/Security</module-option>
             <module-option name="principalsQuery">SELECT password FROM User WHERE name = ?</module-option>
             <module-option name="rolesQuery">SELECT RL.name, 'Roles' FROM role as RL, user as U ,  users_roles as RU WHERE U.userid = RU.userid and RU.roleid = RL.roleid  and U.name = ?</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=Security</module-option>
          </login-module>
       </authentication>
  </application-policy>
 * 3. 在客户端调用本login，即可实现对授权EJB访问。
 *
 *
 *
 * <p>Copyright: Jdon.com Copyright (c) 2003</p>
 * <p></p>
 * @author banq
 * @version 1.0
 */

public class LoginClientUtil {
  private final static String module = LoginClientUtil.class.getName();

  /**
   * 实现j_security_check功能
   * Login_Module_Name : SecurityRealm (Jboss login-config.xml)
   * @param username
   * @param password
   * @return boolean
   */
  public static boolean login(String username, String password,
                              String Login_Module_Name) {
    Subject subject = null;
    try {
      //jboss
      CallbackHandler pch = getJBossCallbackHandler(username, password);
      LoginContext loginCtx = new LoginContext(Login_Module_Name, pch);
      Debug.logVerbose(" begin to login ", module);
      loginCtx.login();

      Debug.logVerbose(" login successfully, subject=" + subject, module);
      return true;
    } catch (Exception e) {
      e.printStackTrace();
      Debug.logError(e, module);
      return false;
    }

  }

  private static CallbackHandler getJBossCallbackHandler(String username,
      String password) {
    SecurityAssociationHandler pch = new SecurityAssociationHandler();
    Principal user = getJBossPrincipal(username);
    pch.setSecurityInfo(user, password.toCharArray());
    return pch;
  }

  private static Principal getJBossPrincipal(String username) {
    return new SimplePrincipal(username);
  }

  private static CallbackHandler getCallbackHandler(String username,
      String password) {
    AppCallbackHandler pch = new AppCallbackHandler(username, password);
    return pch;

  }

}