Configuring JAAS on OC4J
I'm trying to get JAAS working with OC4J.
I've gotten JAAS working before with JBoss. Using JAAS with JBoss is simple (to me).In the app's jboss-web.xml, put this:
<security-domain>java:/jaas/myApp</security-domain>
And put the following in JBoss's login-config.xml:
<application-policy name = "myApp">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
<module-option name="dsJndiName">java:/jdbc/myDS</module-option>
<module-option name="principalsQuery">SELECT password FROM users WHERE username=?</module-option>
<module-option name="rolesQuery">select name, 'Roles' from groups ...</module-option>
</login-module>
</authentication>
</application-policy>
So what's the equivalent in OC4J? Do I really need to deal with Realms, UserManagers, etc, or can I just add some XML in the system-jazn-data.xml file? What's the simpl开发者_StackOverflowest solution?
Ok, did some more homework and found out that it's close. You need to add this to $OC4J_HOME/j2ee/yourinstance/config/system-jazn-data.xml
<application>
<name>myApp</name>
<login-modules>
<login-module>
<class>com.company.project.JDBCLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>principalsQuery</name>
<value>SELECT password FROM users WHERE username=?</value>
</option>
<option>
<name>dsJndiName</name>
<value>jdbc/myDS</value>
</option>
</options>
</login-module>
</login-modules>
</application>
You then have to create the JDBCLoginModule class, which implements javax.security.auth.spi.LoginModule
. Maybe OC4J already has that class, but I couldn't find it. Include that class in your EAR/WAR/JAR that gets deployed to OC4J.
Still working on the groups/roles aspect of login.
UPDATE: Even better, found the official web pages:
- http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/jaas_intro.htm
- http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#BABCDDAI
a) Actually, the best way is to put that on the orion-applcation and it will be installed automatically everytime the application is deployed: It will look something like
<jazn-loginconfig>
<application>
<name>ApplicationName</name>
<login-modules>
<login-module>
<class>mycomapany.idm.loginmodules.BlahBlahLoginModule</class>
<control-flag>required</control-flag>
<options>
<option>
<name>debug</name>
<value>true</value>
</option>
</options>
</login-module>
</login-modules>
</application>
</jazn-loginconfig>
b) You should check JAZN which is the Oracle implementation/replacement for JAAS. It is more robust and flexible (although more complex). Now if you login logic is as simple as you posted above, I think that will be enough.
精彩评论