stackoom
  简体   繁体   中英

Securing JAAS config file

 原文  2014-01-09 20:46:45       java/ jaas

Question

I'm developing a Java application which is run in Windows domain environment. To authenticate users I'm using Krb5LoginModule available in JAAS. JAAS Login Configuration File (let's call it jaas.conf) is embedded in application jar, which is stored on network share (read-only access).

Now every user can copy the application jar to his local disk, edit jaas.conf, and set his own LoginModule which would allow him to act as different user.

Is there any way to prevent this? How to secure the application?

1 answers

solution1
 -2  2014-01-09 21:13:45

Usr e Pwd must be provided by user. You have to call your own login interface where the user can provide username and password. Why you want put the usr&pwd into the jaas.conf?

Anyway, if you want to lock the usr&pwd you can

  1. use certificate
  2. crypt into the file
  3. write into a code

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question JAAS Realm load internal config file JAAS login configuration error on Tomcat. Unable to loas JAAS config file How to specify JAAS config file with jetty-maven-plugin 10 Kafka authentication with Jaas config Kafka “Login module not specified in JAAS config” Flex file upload with HTTPS and JAAS? Kafka Streams: Login module control flag not specified in JAAS config Adding sasl.jaas.config to Kafka MDB on payara Java Kafka Client Dynamic Sasl Jaas config update Granting URL Permission in policy file in JAAS
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM