JAAS
Txheej txheem cej luam: Ruaj ntseg yog ib lub ntsiab sib nrauj nyob rau hauv daim ntaub ntawv web. Thiaj zoo thov Web site nyob ntawm qhov kev ruaj ntseg siv kuj. Thiab rau daim ntaub ntawv lub hom phiaj tseem ceeb heev, ruaj ntseg nam muaj DVR thiab kuaj ua ntej nws nkag mus rau hauv ntau lawm. Hnub ua ntej lawm, kev ruaj ntseg tau yooj yim txaus thiab developers code lawv yooj yim cai nram qab no thiab validations. Tab sis, nta ntxiv saib xyuas tau noj kom muab ib daim ntawv thov ruaj ntseg. Nyob rau cov tshooj no peb yuav tham txog kev ruaj ntseg sib txawv thiab lawv yuav siv lus.
Taw qhia: Java authentication thiab tso cai rau (JAAS) yog ib kiv puag ncig nyob ruaj ntseg sau. Qhov no yog lug txais hauv java thiab J2EE enterprise daim ntaub ntawv. JAAS no yeej muaj raws li java authentication thiab kev tso cai API. API exposes interfaces thiab cov configuration siv daim ntawv thov rau txheej. Siv cov nta, ib daim ntawv thov web ruaj yuav tsum thiab npaj kom ntau lawm. Tab sis siv cov JAAS los yog tej kev cai module nyob li qhov yuav tsum tau ua daim ntawv thov.
Hauj lwm lawm: Ua ntej peb tham kom paub meej, peb yuav tsum paub txog lub thawv. Ib lub taub ntim tau txhais tias yog ib qho chaw (ib puag ncig software) thaum uas tsab ntawv sau. Apart from khiav kev siv, thawv muaj txawv lwm functionalities tab sis peb yuav sib tham txog cov neeg nyob rau hauv ib tsab xov xwm cais. Ib lo lus ' thawv’ yog synonymous nrog neeg rau zaub mov ntawv J2EE. Yog tseem paub li J2EE thawv. Vim li ntawd cov nqe lus nug tom ntej no yog, peb yuav tau ib lub taub ntim vim li cas? Yeej thawv qhia tag nrho kev tsim nyog yuav tsum ntseeg nkaws khiav cov ntaub ntawv thiab kev ua kom zoo. Muaj ib tug xov tooj ntawm J2EE kom muaj hauv lub lag luam thiab lawv qhia txawv muaj ntau seem ntawm kev them nyiaj yug. Tab sis lub thawv no yuav tsum tau taug tus J2EE specification, tej zaum yuav yog cov los yog kiag li. Zoo li tomcat yog ib lub taub ntim web, uas tsuas implements seem servlet ntawm lub J2EE specification. Qhov twg li weblogic, websphere, JBoss muaj neeg rau zaub mov tiav daim ntawv thov raws li lawv raws li lub teb J2EE specification.
Daim ntawv thov ruaj ntseg: Nyob rau cov tshooj no peb yuav mas mloog zoo rau daim ntawv thov ruaj ntseg. Ua ntej peb ua hauj, peb yuav tsum tau muaj ib tug to taub txog daim ntawv thov ruaj ntseg. Thov ruaj ntseg yuav tau txhais tias yog ib ruaj ntseg mechanism ntawv cov ntaub ntawv rau nws tus kheej kom ruaj ntseg. Daim ntawv thov noj tau kev pab los ntawm cov neeg rau zaub mov lub moj khaum los yog tsab ntawv teev npe nta kom muaj kev ntse. Tom qab siv lub tswv yim ruaj ntseg rau daim ntawv thov yuav ruaj ntseg los ntawm nws cov neeg. Yog peb muab los ntawm tsab ntawv teev npe foundations, ces nws yog lub luag hauj lwm ntawm tus tsim tawm los ua raws li cov kauj ruam kom zoo thiab kev txiav txim txog kev ruaj ntseg yuav siv kom paub meej. Muaj ntau ntau yam ruaj ntseg implementations kuj zoo li ruaj ntseg network, JVM ruaj ntseg, daim ntawv thov neeg rau zaub mov ruaj ntseg thiab ntau ntxiv. Tab sis, peb tau kev sib tham no tsuas siv tau daim ntawv thov ruaj ntseg ces tsuas. Peb yeej meem tsom hauv kev sib tham no yuav tau hais rau J2EE ruaj ntseg nta thiab nws cov neeg. Txoj kev, authentication thiab kev tso cai yuav ib qho rau daim ntawv thov yuav ruaj ntseg siv. Java feature JAAS yuav mus saib xyuas tag nrho cov teeb meem.
Security daim ntawv tso cai: Thaum peb yuav tawm tswv yim txog pab txhua tus thov ruaj ntseg, peb yuav tsum los saib lub qab tsib loj zog uas muaj feem ntau pom tias lub sij hawm qhov kev siv.
- Authentication (Siv rau authenticate tus neeg siv)
- Tso cai (Yuav ua li cas in thiaj li tso rau neeg saib)
- Rau npe (Mus sau npe neeg siv tshiab)
- Nyiaj txij nkawm (Uas yog ib txoj kev kom, muab kho dua lwm yam)
- Nyiaj rho tawm los yog inactivate (Qhov no yog rau cov neeg raug tshem tawm)
Hais txog txhua yam kev siv tsis ua raws li tag nrho cov saum no ntxiv. Lawv yuav siv sub txheej lub zog los yog lawv xaiv tej zaum qee leej as per lawv tau. Tab sis cov no yog ib qhov yooj yim siv zog uas yuav tau raug xam tias yog nyob ruaj ntseg ntawv yuav siv.
JAAS Authentication: Java Authentication thiab kev tso cai (JAAS) yog ib qhov txheem hau rau authenticating twg cov neeg uas muaj ntaub ntawv. Daim ntawv thov yuav ib daim ntawv thov enterprise, Web site daim ntawv lossis tej ntaub ntawv standalone. Cov qhov uas tseem ceeb tshaj yog cov ntaub ntawv configuration siv nyob rau hauv lub moj khaum JAAS. Cov ntaub ntawv configuration hlauv qhov yuav ua raws li cov txheej txheem interfaces thiab cov hu ua rau authenticate tus neeg siv. Nyob rau hauv lub moj khaum JAAS, tus muab realization thiab cov authentication muaj nyob rau hauv qhov kev siv ntawm cov txheem JAAS interfaces. Nws muaj xws li cov nram qab no interfaces.
- Callback interface
- CallbackHandler
- LoginModule
Qhov kev tso cai ntawm Callback interfaces yog rau retrieve tus neeg siv peev xwm thiab cov nuj nqi uas LoginModule yog tus muaj peev xwm muaj tseeb thiab cia nws tus ID nkag mus los yog rau tus ID nkag mus tsis tau tejyam lus phab redirect.
Yog qhov yuav ua raws li JAAS standalone thiab lwm yam kev siv ntau. Nyob rau hauv ib daim ntawv thov standalone raug, tus Callback handler interface retrieves lub peev xwm thiab LoginModule interface authenticate lub peev xwm. Thiab cov neeg siv kom paub meej yog feem ntau muab hauv khw pheej zoo li database, lawv cov ntaub ntawv hauv zos los sis LDAP directory. Tab sis thaum koj daim ntawv thov no deployed hauv ib lub taub ntim ces yog cov mechanism txawv lub. Lub moj khaum JAAS yuav tsum sib tham nrog lub thawv kom tau cov kev pab txog rau authentication thiab kev tso cai. Cov JAAS LoginModule tim thawv siv txog APIs. Lub thawv ib APIs yuav tau peev xwm authenticate. Lub thawv APIs kev ua ob tug paub tab qab
- Muab Realization
- Muab Authentication
Lub moj khaum JAAS communicates nrog cov ntug kev APIs nrog ib tug hluas txoj kev hu xov tooj rau thiab kis rau neeg kom paub meej. Tom qab uas lub chaw ua hauj lwm kom yam los ntawm cov ntug. Tab sis yuav siv no mas nws txawv ntawm ib lub thawv rau lwm.
Peb yuav tsum to taub tias JAAS yog ib lub moj khaum uas txhawb mechanism authentication thiab kev tso cai. Muaj ntau ntau lwm yam kev coj uas yog li no yuav. Tab sis, nyob rau hauv JAAS, tus tsim tawm tau sau thawv tej chaws hu thawv APIs. Ces tus JAAS txoj kev cai lawm rau kev yuav sau kom muaj kev authentication thiab kev tso cai cov txheej txheem. Nta tej thawv muaj JAAS yuav siv txhawb thiab nws yog ua nyob rau hauv. Tiam sis tseem tus tsim tawm tau los sau ntawv cai kom muaj kev JAAS kiag li.
Nyob rau hauv qhov piv txwv nram qab no peb yuav pom tus txheem JAAS thawv authentication. Lub CallbackHandler tuam haujlwm txais cov neeg siv input thiab ces tus kov () txoj kev tej lub hom phiaj ua hauj lwm sij.
Listing1: Saj txoj uas qhia qhov kev siv
[chaws]
pob com.techalpine.jaas;
ntshuam java.io.IOException;
ntshuam javax.security.auth.callback.UnsupportedCallbackException;
ntshuam javax.security.auth.callback.Callback;
ntshuam javax.security.auth.callback.CallbackHandler;
pej xeem hoob TACallbackHandler implements CallbackHandler
{
// Txhais kom meej yooj yim neeg siv cov lus li neeg lub npe thiab lo lus zais
chaw uname txoj hlua;
chaw pwd txoj hlua;
// Hu rau constructor rau nrog neeg lub npe thiab lo lus zais
pej TACallbackHandler(Txoj hlua uname, Txoj hlua pwd)
{
this.uname = uname;
this.pwd = pwd;
}
// Txoj kev no yog siv los ua cov hauj lwm
pej xeem tsis muaj dabtsis kov(Callback[] callbacks) throws IOException,
UnsupportedCallbackException
{
// Sau daim ntawv thov sepcific yuav siv txoj
}
// Getter txoj kev txais neeg siv lub npe
pej xeem txoj hlua getUname()
{
rov qab mus uname;
}
// Getter txoj kev txais lo lus zais
pej xeem txoj hlua getPword()
{
rov qab mus pwd;
}
}
Nyob rau hauv qhov piv txwv nram qab no peb yuav ua rau koj tus ID nkag mus module thiab yuav siv nws cov
Listing2: Qauv qhia ID nkag mus module
pob com.techalpine.jaas;
ntshuam java.util.Map;
ntshuam javax.security.auth.Subject;
ntshuam javax.security.auth.login.LoginException;
ntshuam javax.security.auth.callback.CallbackHandler;
ntshuam javax.security.auth.spi.LoginModule;
pej xeem hoob TALLoginModule implements LoginModule {
// Txhais kom meej zog
Kawm lwm sub;
lwm yam CallbackHandler handlr;
daim ntawv qhia kho shrState;
daim ntawv qhia kho opts;
// Initialize tus tsiaj ntawv
pej xeem tsis muaj dabtsis initialize(Kawm sub, CallbackHandler handlr,
Daim ntawv qhia shrState, Daim ntawv qhia opts)
{
this.sub = sub;
this.handlr = handlr;
this.shrState = shrState;
this.opts = opts;
}
// Authenticate neeg siv hauv module ID nkag mus
pej xeem boolean ID nkag mus() throws LoginException
{
MrBOOLCallbackHandler handlr = (MrBOOLCallbackHandler) this.handlr;
// Authenticate tus neeg siv
rov qab mus ContainerAuthMethod.authenticate
(
handlr.getUname(),
handlr.getPword()
);
}
// Kuas nyuas siv zug lub lag luam
pej xeem ua phem boolean() throws LoginException
{
rov qab muaj tseeb;
}
// Ho cov zov me nyuam
pej xeem boolean ho() throws LoginException
{
rov qab mus ContainerAuthMethod.logout(handlr.getUsername(),
handlr.getPassword());
}
// Logout ntawm daim ntawv thov
pej xeem logout boolean() throws LoginException
{
rov qab mus ContainerAuthenticationMethod.logout(handlr.getUsername(),
handlr.getPassword());
}
}
Xaus: Ua ntej concluding peb sib tham txog kev ruaj ntseg thiab kev siv JAAS, peb yuav tsum to taub tias xaiv ib lub moj khaum zoo ruaj ntseg / module nyob li qhov yuav tsum tau ua daim ntawv thov. Yog tias yuav tsum tau rau kev cai authentication ces tej lub sij hawm developers siv kev cai modules (Yog tias tsis siv JAAS los yog muaj lwm yam ntsiab muaj nyob hauv txoj kev ua lag luam). Tab sis raws li peb hais tias JAAS muab lub moj khaum tag nrho, peb tau nkag muaj qauv. Qhov chaw ua hauj lwm ntawm tus tsim tawm no yog los code kev cai ib sab xwb uas nws txawv ntawm ib daim ntawv thov mus rau lwm.
