
Java EE (JBoss EAP) custom auth-method JWT

I'm looking to implement JWT authentication and to grab some extra information too from the token on Java EE.

The issue is that I need a custom auth-method of "jwt" in my web.xml file, but this isn't supported apart from BASIC, DIGEST, FORM and CLIENT-CERT.

Is there a way to achieve a custom login method to start the authentication process?

I require no client interaction and the Authorization header will be populated from the calling application using a Bearer realm.

I.e. Authorization: Bearer cn389ncoiwuencr

Note this is tested on 6.4 EAP; changes may be required for v7, in particular with the use of valves.

You need to write a custom xx.Authentication mechanism. You can do this by extending org.apache.catalina.authenticator.FormAuthenticator and overriding the authenticate method.

The authenticate method will perform:

import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.jboss.logging.Logger;
public class Authentication extends FormAuthenticator {
    private static final Logger logger = Logger.getLogger(Authentication.class);
    @Override
    public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
        Principal principal = request.getUserPrincipal();
        if (principal != null) {
            logger.trace("User already authenticated");
            return true;
        }
        Realm realm = context.getRealm();
        // Delegates to the security domain's login module; a null result means login failed
        principal = realm.authenticate("user", (String) null);
        if (principal == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return false; }
        register(request, response, principal, "Bearer", "user", null);
        return true;
    }
}

The realm can then be configured in standalone.xml under your security subsystem:

<security-domain name="JWT">
    <authentication>
        <login-module code="xx.xx.xx.JWTLoginModule" flag="required">
        </login-module>
    </authentication>
</security-domain>

The JWTLoginModule is a custom LoginModule which uses the https://github.com/jwtk/jjwt library. Information on login modules can be found at https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Security_Guide/chap-Login_Modules.html . To create your own, extend org.jboss.security.auth.spi.AbstractServerLoginModule.

You then need to add these extensions to the modules directory of your EAP server with the same module dependencies as the org.picketbox module.

This completes the server setup. Now you need to instruct your application to use this setup:

In your WEB-INF directory create jboss-web.xml as:

<jboss-web>
    <security-domain>JWT</security-domain>
    <valve>
        <class-name>xx.Authentication</class-name>
    </valve>
</jboss-web>

and a jboss-deployment-structure.xml which loads the custom module:

<jboss-deployment-structure>
    <deployment>
        <dependencies>
            <module name="xx.custom"/>
        </dependencies>
    </deployment>
</jboss-deployment-structure>

Finally, in your web.xml file change your auth-method to "JWT".

I intend to create an open source version of this, but until then this will have to do.
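A login module of the kind the answer describes, as an added example that is not part of the original answer or of the jjwt project: it reads the Bearer token from the current request, verifies the signature and expiry with jjwt, and exposes the subject and a roles claim to PicketBox. The package name, the JACC PolicyContext lookup of the request, the shared HMAC key and the "roles" claim name are assumptions.

```java
package xx.xx.xx;  // assumed to match <login-module code="xx.xx.xx.JWTLoginModule"> in the answer
import java.security.Principal;
import java.security.acl.Group;
import java.util.List;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

public class JWTLoginModule extends AbstractServerLoginModule {
    // Assumed shared HMAC secret; in a real deployment load it from a vault or keystore, not a literal.
    private static final byte[] SIGNING_KEY = "replace-with-a-long-random-secret".getBytes();
    private Principal identity;
    private List<String> roles;
    @Override
    public boolean login() throws LoginException {
        try {
            // The valve passes "user" / null, so the token is read from the current request,
            // which JBoss exposes through the standard JACC PolicyContext key (assumption).
            HttpServletRequest req = (HttpServletRequest)
                    PolicyContext.getContext("javax.servlet.http.HttpServletRequest");
            String header = req.getHeader("Authorization");
            if (header == null || !header.startsWith("Bearer ")) {
                throw new FailedLoginException("Missing Bearer token");
            }
            // parseClaimsJws verifies the HMAC signature and rejects expired tokens with a JwtException.
            Claims claims = Jwts.parser().setSigningKey(SIGNING_KEY)
                    .parseClaimsJws(header.substring("Bearer ".length())).getBody();
            if (claims.getSubject() == null) throw new FailedLoginException("Token has no subject");
            identity = createIdentity(claims.getSubject());
            roles = claims.get("roles", List.class);  // assumed custom claim holding a JSON array of roles
            loginOk = true;
            return true;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {  // JwtException, PolicyContextException, createIdentity failure
            throw new FailedLoginException("Token rejected: " + e.getMessage());
        }
    }
    @Override protected Principal getIdentity() { return identity; }
    @Override protected Group[] getRoleSets() {
        SimpleGroup group = new SimpleGroup("Roles");  // PicketBox reads application roles from "Roles"
        if (roles != null) for (String r : roles) group.addMember(new SimplePrincipal(r));
        return new Group[] { group };
    }
}
```

Because the valve above registers the principal under authType "Bearer" only after realm.authenticate succeeds, a request whose token fails signature or expiry checks never reaches the application with a principal set.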
