JAAS generally has the following two steps:
1. Authentication: define principals, implement a LoginModule and a callback handler, associate the designated principals with the Subject object in the commit method of the LoginModule implementation, and configure the module implementation in a login configuration file, e.g.
Sample {
   sample.module.SampleLoginModule required debug=true;
};

LoginContext lc = new LoginContext("Sample", new MyCallbackHandler());
lc.login(); // runs the configured LoginModule; throws LoginException if authentication fails
Subject s = lc.getSubject();
Subject.doAs(s, new PrivilegedAction(){...}); // the authenticated subject s will be associated with the current access control context.

2. Authorization: write a policy file that grants principals access rights to critical resources, e.g.
grant
        Principal sample.principal.SamplePrincipal "testUser" {

   permission java.util.PropertyPermission "java.home", "read";
   permission java.util.PropertyPermission "user.home", "read";
   permission java.io.FilePermission "foo.txt", "read";
};
posted on 2011-12-31 14:32 Sam Zheng