开发者

Configuring JAAS on OC4J

I'm trying to get JAAS working with OC4J.

I've gotten JAAS working before with JBoss. Using JAAS with JBoss is simple (to me).

In the app's jboss-web.xml, put this:

<security-domain>java:/jaas/myApp</security-domain>

And put the following in JBoss's login-config.xml:

<application-policy name = "myApp">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
        <module-option name="dsJndiName">java:/jdbc/myDS</module-option>
        <module-option name="principalsQuery">SELECT password FROM users WHERE username=?</module-option>
        <module-option name="rolesQuery">select name, 'Roles' from groups ...</module-option>
      </login-module>
   </authentication>
</application-policy>

So what's the equivalent in OC4J? Do I really need to deal with Realms, UserManagers, etc, or can I just add some XML in the system-jazn-data.xml file? What's the simpl开发者_StackOverflowest solution?


Ok, did some more homework and found out that it's close. You need to add this to $OC4J_HOME/j2ee/yourinstance/config/system-jazn-data.xml

<application>
  <name>myApp</name>
  <login-modules>
    <login-module>
      <class>com.company.project.JDBCLoginModule</class>
      <control-flag>required</control-flag>
      <options>
        <option>
          <name>principalsQuery</name>
          <value>SELECT password FROM users WHERE username=?</value>
        </option>
        <option>
          <name>dsJndiName</name>
          <value>jdbc/myDS</value>
        </option>
      </options>
    </login-module>
  </login-modules>
</application>

You then have to create the JDBCLoginModule class, which implements javax.security.auth.spi.LoginModule. Maybe OC4J already has that class, but I couldn't find it. Include that class in your EAR/WAR/JAR that gets deployed to OC4J.

Still working on the groups/roles aspect of login.

UPDATE: Even better, found the official web pages:

  • http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/jaas_intro.htm
  • http://download.oracle.com/docs/cd/B32110_01/web.1013/b28957/loginmod.htm#BABCDDAI


a) Actually, the best way is to put that on the orion-applcation and it will be installed automatically everytime the application is deployed: It will look something like

<jazn-loginconfig>
  <application>
    <name>ApplicationName</name>
    <login-modules>
      <login-module>
        <class>mycomapany.idm.loginmodules.BlahBlahLoginModule</class>
        <control-flag>required</control-flag>
        <options>
          <option>
          <name>debug</name>
          <value>true</value>
          </option>
        </options>
      </login-module>
    </login-modules>
  </application>
</jazn-loginconfig>

b) You should check JAZN which is the Oracle implementation/replacement for JAAS. It is more robust and flexible (although more complex). Now if you login logic is as simple as you posted above, I think that will be enough.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜