stackoom
  简体   繁体   中英

Where to place security configuration file in WAR?

 原文  2010-12-12 15:38:22       java/ jaas

Question

I'm trying to use JAAS for authentication in my WAR. I understand that my configuration file ( another link ) should be placed somewhere (as explained here ). Unfortunately, I can't understand where exactly, if we're talking about WAR? And how to name the file? 

// JAAS has to find the file and retrieve "foo" from it
LoginContext ctx = new LoginContext("foo", this);

3 answers

solution1
 7  2012-07-19 09:37:53

I had the same problem and I wanted to see if I couldn't dynamically set this property based on the current classpath (which would be located inside the war itself). 

public class SecurityListener implements ServletContextListener {
    public SecurityListener() {
    }

    @Override
    public void contextDestroyed(ServletContextEvent arg0) {
    }

    @Override
    public void contextInitialized(ServletContextEvent arg0) {
        if(System.getProperty("java.security.auth.login.config") == null) {
            String jaasConfigFile = null;
            URL jaasConfigURL = this.getClass().getClassLoader().getResource("login.conf");
            if(jaasConfigURL != null) {
                jaasConfigFile = jaasConfigURL.getFile();
            }
            System.setProperty("java.security.auth.login.config", jaasConfigFile);
        }
    }
}

Obviously, you need to add the listener to your web.xml: 

<listener>
    <listener-class>example.SecurityListener</listener-class>
</listener>

What this does is set the property java.security.auth.login.config upon instantiation of the web application if it has not yet been defined. This means you could throw it in your source folder and load it automatically if not otherwise redefined elsewhere. I have tested this and it works on Tomcat 6.

So, for example if your tomcat installation was in "C:\\program files\\tomcat6\\" with your war deployed in "C:\\program files\\tomcat6\\webapps\\mywar", the path it would find would be "C:\\program files\\tomcat6\\webapp\\mywar\\WEB-INF\\classes" which is always accurate. Not sure if this solution also works with other web applications, but I would imagine so since login.conf is going to be where the classpath root is.

Hope that helps!

solution2
 6  2016-10-14 07:44:52

您可以在jar中封装client_jaas.conf,并使用代码动态指定配置

System.setProperty("java.security.auth.login.config", XXX.class.getClassLoader().getResource("client_jaas.conf").toString());

solution3
 2  2011-03-03 15:20:17

Unfortunately the only way I was able to get it to work was to create a file jass.conf and specify it using either:

  • In the Tomcat java parameters: 

     -Djava.security.auth.login.config==c:\\\\path\\\\To\\\\file.conf

  • or from within the Java code: 

     System.setProperty("java.security.auth.login.config","c:\\\\path\\\\To\\\\file.conf");

I'd also like to know a better way to specify the configuration. I want to package that configuration in my WAR.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Where to place configuration file / security? Where to place a configuration file outside application war Where does Eclipse place the .war file? What is the best place to store a configuration file in a Java web application (WAR)? Java SpringMVC where to place the RepositoryRestMvcConfiguration (@Configuration) file Deploying WAR file with configuration Where to place c3p0 properties in configuration file? Is it possible to provide security for war file? Where is the “right” place to put WAR dependencies? context root configuration within WAR file in Tomcat 7
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM