[英]Why does a LoginContext producer work in a Java EE/Servlet container?
The opensource Java EE 6 Petstore project implements a LoginContext producer to carry out custom user authentication. 开源Java EE 6 Petstore项目实现了LoginContext生产者来执行自定义用户身份验证。 Below is the source code.
下面是源代码。
Why does that work? 为什么行得通? Is it application server specific or a standard behaviour (for example, enforced by some JSR)?
它是特定于应用程序服务器还是标准行为(例如,由某些JSR强制执行)?
package org.agoncal.application.petstore.security;
import org.agoncal.application.petstore.util.ConfigProperty;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.File;
import java.net.URISyntaxException;
/**
* @author blep
* Date: 16/02/12
* Time: 07:28
*/
public class LoginContextProducer {
// ======================================
// = Attributes =
// ======================================
@Inject
private SimpleCallbackHandler callbackHandler;
// ======================================
// = Business methods =
// ======================================
@Produces
public LoginContext produceLoginContext(@ConfigProperty("loginConfigFile") String loginConfigFileName,
@ConfigProperty("loginModuleName") String loginModuleName) throws LoginException, URISyntaxException {
System.setProperty("java.security.auth.login.config", new File(LoginContextProducer.class.getResource(loginConfigFileName).toURI()).getPath());
try {
return new LoginContext(loginModuleName, callbackHandler);
} catch (Exception e) {
System.out.println("ouch!!!");
return null;
}
}
}
LoginContext is part of the Java Authentication and Authorization Service (JAAS) . LoginContext是Java身份验证和授权服务(JAAS)的一部分 。
LoginContextProducer is a CDI "producer" that handles the concern of producing a LoginContext so other classes can inject it. LoginContextProducer是CDI“生产者”,它处理产生LoginContext的问题,以便其他类可以注入它。 The custom login module is implemented in SimpleLoginModule and it's use is specified in a config file (config.properties).
定制登录模块在SimpleLoginModule中实现,并且其使用在配置文件(config.properties)中指定。
If you are happy to use the default implementations of JAAS provided by your application server, you don't need to write the custom login module or producer. 如果您愿意使用应用程序服务器提供的JAAS的默认实现,则无需编写自定义登录模块或生产者。
Taking a look at the project Here the POM Maven , if not let anything escape, these main technologies are being used in this project in question: 看一下项目在这里,POM Maven如果没有让任何东西逃脱,这些项目中将使用这些主要技术:
Running on the GlassFish server. 在GlassFish服务器上运行。
The j2ee specification 6 here says you can use dependencies, then code is in the standard. J2EE规范6 在这里说,你可以使用相关性,则代码标准。 If your question was if this project could work with original / native dependencies of J2ee, then I would answer no, you would have the dependencies for this project to be compiled.
如果您的问题是该项目是否可以与J2ee的原始/本地依赖项一起工作,那么我将回答“否”,您将有待编译的该项目的依赖项。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.