security jaas
This commit is contained in:
parent
0a369c4a16
commit
3904d41565
1
pom.xml
1
pom.xml
|
@ -636,6 +636,7 @@
|
||||||
<module>webrtc</module>
|
<module>webrtc</module>
|
||||||
<module>wildfly</module>
|
<module>wildfly</module>
|
||||||
<module>quarkus-extension</module>
|
<module>quarkus-extension</module>
|
||||||
|
<module>security-jaas</module>
|
||||||
</modules>
|
</modules>
|
||||||
|
|
||||||
</profile>
|
</profile>
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>com.baeldung.security.jaas</groupId>
|
||||||
|
<artifactId>security-jaas</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
</parent>
|
||||||
|
<artifactId>jaas-app</artifactId>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-jar-plugin</artifactId>
|
||||||
|
<version>3.1.2</version>
|
||||||
|
<configuration>
|
||||||
|
<archive>
|
||||||
|
<manifest>
|
||||||
|
<addClasspath>true</addClasspath>
|
||||||
|
<mainClass>com.baeldung.security.jaas.JaasApplication</mainClass>
|
||||||
|
</manifest>
|
||||||
|
</archive>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.baeldung.security.jaas</groupId>
|
||||||
|
<artifactId>jaas-login-module</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,24 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import javax.security.auth.callback.*;
|
||||||
|
import java.io.Console;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class ConsoleCallbackHandler implements CallbackHandler {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
|
||||||
|
Console console = System.console();
|
||||||
|
for (Callback callback : callbacks) {
|
||||||
|
if (callback instanceof NameCallback) {
|
||||||
|
NameCallback nameCallback = (NameCallback) callback;
|
||||||
|
nameCallback.setName(console.readLine(nameCallback.getPrompt()));
|
||||||
|
} else if (callback instanceof PasswordCallback) {
|
||||||
|
PasswordCallback passwordCallback = (PasswordCallback) callback;
|
||||||
|
passwordCallback.setPassword(console.readPassword(passwordCallback.getPrompt()));
|
||||||
|
} else {
|
||||||
|
throw new UnsupportedCallbackException(callback);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import javax.security.auth.Subject;
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
|
public class JaasAuthentication {
|
||||||
|
|
||||||
|
public static void main(String[] args) throws LoginException {
|
||||||
|
LoginService loginService = new LoginService();
|
||||||
|
Subject subject = loginService.login();
|
||||||
|
System.out.println(subject.getPrincipals().iterator().next() + " sucessfully logeed in");
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,17 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import javax.security.auth.Subject;
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
import java.security.PrivilegedAction;
|
||||||
|
|
||||||
|
public class JaasAuthorization {
|
||||||
|
|
||||||
|
public static void main(String[] args) throws LoginException {
|
||||||
|
|
||||||
|
LoginService loginService = new LoginService();
|
||||||
|
Subject subject = loginService.login();
|
||||||
|
|
||||||
|
PrivilegedAction privilegedAction = new ResourceAction();
|
||||||
|
Subject.doAsPrivileged(subject, privilegedAction, null);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import javax.security.auth.Subject;
|
||||||
|
import javax.security.auth.login.LoginContext;
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
|
||||||
|
public class LoginService {
|
||||||
|
|
||||||
|
public Subject login() throws LoginException {
|
||||||
|
LoginContext loginContext = new LoginContext("jaasApplication", new ConsoleCallbackHandler());
|
||||||
|
loginContext.login();
|
||||||
|
return loginContext.getSubject();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import java.security.PrivilegedAction;
|
||||||
|
|
||||||
|
public class ResourceAction implements PrivilegedAction {
|
||||||
|
@Override
|
||||||
|
public Object run() {
|
||||||
|
SecurityManager sm = System.getSecurityManager();
|
||||||
|
if (sm != null) {
|
||||||
|
sm.checkPermission(new ResourcePermission("test_resource"));
|
||||||
|
}
|
||||||
|
System.out.println("I have access to test_resource !");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,9 @@
|
||||||
|
package com.baeldung.security.jaas.app;
|
||||||
|
|
||||||
|
import java.security.BasicPermission;
|
||||||
|
|
||||||
|
public class ResourcePermission extends BasicPermission {
|
||||||
|
public ResourcePermission(String name) {
|
||||||
|
super(name);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>com.baeldung.security.jaas</groupId>
|
||||||
|
<artifactId>security-jaas</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
</parent>
|
||||||
|
<artifactId>jaas-login-module</artifactId>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,76 @@
|
||||||
|
package com.baeldung.security.jaas.authentication;
|
||||||
|
|
||||||
|
import com.sun.security.auth.UserPrincipal;
|
||||||
|
|
||||||
|
import javax.security.auth.Subject;
|
||||||
|
import javax.security.auth.callback.*;
|
||||||
|
import javax.security.auth.login.LoginException;
|
||||||
|
import javax.security.auth.spi.LoginModule;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.Principal;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
public class InMemoryLoginModule implements LoginModule {
|
||||||
|
|
||||||
|
private static final String USERNAME = "testuser";
|
||||||
|
private static final String PASSWORD = "testpassword";
|
||||||
|
|
||||||
|
private Subject subject;
|
||||||
|
private CallbackHandler callbackHandler;
|
||||||
|
private Map<String, ?> sharedState;
|
||||||
|
private Map<String, ?> options;
|
||||||
|
|
||||||
|
private String username;
|
||||||
|
private boolean loginSucceeded = false;
|
||||||
|
private Principal userPrincipal;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void initialize(Subject subject,
|
||||||
|
CallbackHandler callbackHandler,
|
||||||
|
Map<String, ?> sharedState,
|
||||||
|
Map<String, ?> options) {
|
||||||
|
this.subject = subject;
|
||||||
|
this.callbackHandler = callbackHandler;
|
||||||
|
this.sharedState = sharedState;
|
||||||
|
this.options = options;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean login() throws LoginException {
|
||||||
|
NameCallback nameCallback = new NameCallback("username: ");
|
||||||
|
PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
|
||||||
|
try {
|
||||||
|
callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
|
||||||
|
username = nameCallback.getName();
|
||||||
|
String password = new String(passwordCallback.getPassword());
|
||||||
|
if (USERNAME.equals(username) && PASSWORD.equals(password)) {
|
||||||
|
loginSucceeded = true;
|
||||||
|
}
|
||||||
|
} catch (IOException | UnsupportedCallbackException e) {
|
||||||
|
//...
|
||||||
|
}
|
||||||
|
return loginSucceeded;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean commit() throws LoginException {
|
||||||
|
if (!loginSucceeded) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
userPrincipal = new UserPrincipal(username);
|
||||||
|
subject.getPrincipals().add(userPrincipal);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean abort() throws LoginException {
|
||||||
|
logout();
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean logout() throws LoginException {
|
||||||
|
subject.getPrincipals().remove(userPrincipal);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
jaasApplication {
|
||||||
|
com.baeldung.security.jaas.authentication.InMemoryLoginModule required debug=true;
|
||||||
|
};
|
|
@ -0,0 +1,14 @@
|
||||||
|
grant codebase "file:./jaas-app/target/jaas-app.jar" {
|
||||||
|
permission javax.security.auth.AuthPermission "createLoginContext.jaasApplication";
|
||||||
|
permission javax.security.auth.AuthPermission "doAsPrivileged";
|
||||||
|
permission java.lang.RuntimePermission "readFileDescriptor";
|
||||||
|
permission java.lang.RuntimePermission "writeFileDescriptor";
|
||||||
|
};
|
||||||
|
|
||||||
|
grant codebase "file:./jaas-login-module/target/jaas-login-module.jar" {
|
||||||
|
permission javax.security.auth.AuthPermission "modifyPrincipals";
|
||||||
|
};
|
||||||
|
|
||||||
|
grant principal com.sun.security.auth.UserPrincipal "testuser" {
|
||||||
|
permission com.baeldung.security.jaas.app.ResourcePermission "test_resource";
|
||||||
|
};
|
|
@ -0,0 +1,27 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<groupId>com.baeldung.security.jaas</groupId>
|
||||||
|
<artifactId>security-jaas</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<maven.compiler.source>1.8</maven.compiler.source>
|
||||||
|
<maven.compiler.target>1.8</maven.compiler.target>
|
||||||
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<modules>
|
||||||
|
<module>jaas-app</module>
|
||||||
|
<module>jaas-login-module</module>
|
||||||
|
</modules>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<finalName>${project.artifactId}</finalName>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1 @@
|
||||||
|
java -Djava.security.auth.login.config=jaas.login.config -classpath jaas-app/target/jaas-app.jar;jaas-login-module/target/jaas-login-module.jar com.baeldung.security.jaas.app.JaasAuthentication
|
|
@ -0,0 +1 @@
|
||||||
|
java -Djava.security.manager -Djava.security.policy=jaas.policy -Djava.security.auth.login.config=jaas.login.config -classpath %JAVA_HOME%\lib;jaas-app/target/jaas-app.jar;jaas-login-module/target/jaas-login-module.jar com.baeldung.security.jaas.app.JaasAuthorization
|
Loading…
Reference in New Issue