I'm trying to get JAAS working with OC4J.
I've gotten JAAS working before with JBoss. Using JAAS with JBoss is simple (to me). In the app's jboss-web.xml, put this:
<security-domain>java:/jaas/myApp</security-domain>
And put the following in JBoss's login-config.xml:
<application-policy name="myApp">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/jdbc/myDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM users WHERE username=?</module-option>
      <module-option name="rolesQuery">select name, 'Roles' from groups ...</module-option>
    </login-module>
  </authentication>
</application-policy>
So what's the equivalent in OC4J? Do I really need to deal with Realms, UserManagers, etc, or can I just add some XML in the system-jazn-data.xml file? What's the simplest solution?
Ok, did some more homework and found out that it's close. You need to add this to $OC4J_HOME/j2ee/yourinstance/config/system-jazn-data.xml
<application>
  <name>myApp</name>
  <login-modules>
    <login-module>
      <class>com.company.project.JDBCLoginModule</class>
      <control-flag>required</control-flag>
      <options>
        <option>
          <name>principalsQuery</name>
          <value>SELECT password FROM users WHERE username=?</value>
        </option>
        <option>
          <name>dsJndiName</name>
          <value>jdbc/myDS</value>
        </option>
      </options>
    </login-module>
  </login-modules>
</application>
You then have to create the JDBCLoginModule class, which implements javax.security.auth.spi.LoginModule. Maybe OC4J already has that class, but I couldn't find it. Include that class in your EAR/WAR/JAR that gets deployed to OC4J.
Still working on the groups/roles aspect of login.
UPDATE: Even better, found the official web pages:
- http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/jaas_intro.htm
- http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#BABCDDAI
a) Actually, the best way is to put that on the orion-application and it will be installed automatically every time the application is deployed. It will look something like:
<jazn-loginconfig>
  <application>
    <name>ApplicationName</name>
    <login-modules>
      <login-module>
        <class>mycomapany.idm.loginmodules.BlahBlahLoginModule</class>
        <control-flag>required</control-flag>
        <options>
          <option>
            <name>debug</name>
            <value>true</value>
          </option>
        </options>
      </login-module>
    </login-modules>
  </application>
</jazn-loginconfig>
b) You should check JAZN, which is the Oracle implementation/replacement for JAAS. It is more robust and flexible (although more complex). Now if your login logic is as simple as you posted above, I think that will be enough.