Weblogic扩展JAAS身份验证案例

liuming794

步骤一、首先通过MDF的XML文件定义验证提供程序，文件路径为：d:\src\ImepAuthenticator.xml

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<!-- MBean Definition File (MDF) for the Sample Authenticator.
Copyright (c) 2003 by BEA Systems, Inc.  All Rights Reserved.
-->
<!-- Declare your mbean.
Since it is for an authenticator, it must extend the
weblogic.management.security.authentication.Authenticator mbean.
The Name and DisplayName must be the same.
They specify the name that will appear on the
console for this provider.
Set the PeristPolicy to "OnUpdate" so that if an attribute
value is changed, the new value is written to disk immediately.
See the "Developing Security Services" manual for more info.
Note that since this is an xml document, you can't use double
quotes directly.  Instead you need to use &quot;
Note that setting "Writeable" to "false" on an attribute
makes the attribute read-only.  The default is read-write.
-->
<MBeanType
Name          = "ImepSecurityAuthenticator"
DisplayName   = "Imep Security Authenticator"
Package       = "com.imep.security"
Extends       = "weblogic.management.security.authentication.Authenticator"
PersistPolicy = "OnUpdate"
>
<!-- You must set the value of the ProviderClassName attribute
(inherited from the weblogic.management.security.Provider mbean)
to the name of the java class you wrote that implements the
weblogic.security.spi.AuthenticationProvider interface.
You can think of the provider's mbean as the factory
for your provider's runtime implementation.
-->
<MBeanAttribute
Name          = "roviderClassName"
Type          = "java.lang.String"
Writeable     = "false"
Default       = "&quot;com.imep.security.ImepAuthProviderImpl&quot;"
/>
<!-- You must set the value of the Description attribute
(inherited from the weblogic.management.security.Provider mbean)
to a brief description of your provider.
It is displayed in the console.
-->
<MBeanAttribute
Name          = "Description"
Type          = "java.lang.String"
Writeable     = "false"
Default       = "&quot;Authenticator used for the MedRec sample application only&quot;"
/>
<!-- You must set the value of the Version attribute
(inherited from the weblogic.management.security.Provider mbean)
to your provider's version.  There is no required format.
-->
<MBeanAttribute
Name          = "Version"
Type          = "java.lang.String"
Writeable     = "false"
Default       = "&quot;1.0&quot;"
/>
<!-- Add any custom attributes for your provider here.
The sample authenticator does not have any custom attributes.
Note: custom attributes do not appear in the
console in WLS 7.0.  Use the admin command line tool
(java weblogic.Admin) to view and set their values.
Refer to the "Developing Security Services" manual
for more info on defining custom attributes.
-->
</MBeanType>


步骤二、使用MbeanMaker实用工具来处理MDF文件，并生成MBean和桩：
D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MDF d:\src\ImepAuthenticator.xml -files d:\src
Parsing the MBean definition file: d:\src\ImepAuthenticator.xml
Generating the source files...
Generating the MBean interface file...
Generating the MBean implementation file...
Compiling the implementation file...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
Generating the MBI generator file...
Compiling the MBI generator file...
Compiling these files   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MBI file...
Deleting the MBI generator temp files.......
Done.
步骤三、通过com.imep.security.ImepAuthProviderImpl类中设置JAAS验证模块

private AppConfigurationEntry getConfiguration(HashMap hashmap)
{
hashmap.put("database", new ImepAuthDatabase());
return new AppConfigurationEntry("com.imep.security.ImepLoginModuleImpl", controlFlag, hashmap);
}

其中com.imep.security.ImepLoginModuleImpl实现LoginModule
步骤四、在com.imep.security.ImepLoginModuleImpl验证模块中，实现自定义验证：
实现源码在附件中
步骤五、将以上代码打成jar包，并通过WebLogicMBeanMaker打成MJF包：
D:\>java -classpath "D:\bea\weblogic81\server\lib\mbeantypes\wlManagement.jar;D:
\bea\weblogic81\server\lib\weblogic.jar;D:\bea\jdk142_05\lib\tools.jar;D:\bea\jd
k142_05\lib\rt.jar;d:\src" -DcreateStubs="true" weblogic.management.commo.WebLog
icMBeanMaker -MJF ImepAuthenticatorProvider.jar -files d:\src
Compiling the files...
Compiling these files   d:\src\ImepSecurityAuthenticatorImpl.java
   d:\src\ImepSecurityAuthenticatorMBean.java
   d:\src\ImepSecurityAuthenticatorMBI.java
Creating the MJF...
MJF is created.
Done.
步骤六、将MJF包：
ImepAuthenticatorProvider.jar 放置到
D:\bea\weblogic81\server\lib\mbeantypes\下，
并登录weblogic的console控制台，在
domain->Security->Realms->myrealm->roviders->Authentication
中添加Imep Security Authenticator即可。