stackoom
  简体   繁体   中英

Why does a LoginContext producer work in a Java EE/Servlet container?

 原文  2014-08-11 11:57:53       java/ servlets/ java-ee-6/ jaas

Question

The opensource Java EE 6 Petstore project implements a LoginContext producer to carry out custom user authentication. Below is the source code.
Why does that work? Is it application server specific or a standard behaviour (for example, enforced by some JSR)? 

 package org.agoncal.application.petstore.security;

import org.agoncal.application.petstore.util.ConfigProperty;

import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import java.io.File;
import java.net.URISyntaxException;

/**
 * @author blep
 *         Date: 16/02/12
 *         Time: 07:28
 */
public class LoginContextProducer {

    // ======================================
    // =             Attributes             =
    // ======================================

    @Inject
    private SimpleCallbackHandler callbackHandler;

    // ======================================
    // =          Business methods          =
    // ======================================

    @Produces
    public LoginContext produceLoginContext(@ConfigProperty("loginConfigFile") String loginConfigFileName,
                                            @ConfigProperty("loginModuleName") String loginModuleName) throws LoginException, URISyntaxException {

        System.setProperty("java.security.auth.login.config", new File(LoginContextProducer.class.getResource(loginConfigFileName).toURI()).getPath());

        try {
            return new LoginContext(loginModuleName, callbackHandler);
        } catch (Exception e) {
            System.out.println("ouch!!!");
            return null;
        }
    }

}

2 answers

solution1
 1  2015-06-08 18:13:18

LoginContext is part of the Java Authentication and Authorization Service (JAAS) .

LoginContextProducer is a CDI "producer" that handles the concern of producing a LoginContext so other classes can inject it. The custom login module is implemented in SimpleLoginModule and it's use is specified in a config file (config.properties).

If you are happy to use the default implementations of JAAS provided by your application server, you don't need to write the custom login module or producer.

solution2
 0  

Taking a look at the project Here the POM Maven , if not let anything escape, these main technologies are being used in this project in question:

  • EJB (Enterprise JavaBeans)
  • JPA (Java Persistence API)
  • JSF (Java Server Faces)
  • Angular (Framework) and AJAX
  • Arquillian (for integral tests)
  • Junit (for unit test)

Running on the GlassFish server.

The j2ee specification 6 here says you can use dependencies, then code is in the standard. If your question was if this project could work with original / native dependencies of J2ee, then I would answer no, you would have the dependencies for this project to be compiled.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How does java LoginContext.login() work? Java EE getting servlet container port Are static members shared across applications in a Java EE compliant servlet container? Why is spawning threads in Java EE container discouraged? Why does my Java servlet filter not work over HTTPS? AngularJS and Java Servlet does not work How does Jakarta/Java EE compatibility work? Autoincrement does not work PostgreSQL - Java EE APP Does Smack work well in Java EE Clover on Java EE Container
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM