堆栈内存溢出
  繁体   English   中英

如何从Jboss EAP中的HTTPServerAuthModule删除身份验证

[英]How to remove authentication from HTTPServerAuthModule in Jboss EAP

 原文  2016-05-02 19:01:50       java/ authentication/ jboss6.x

问题描述

我需要创建一个类似于HTTPBasicServerAuthModule的自定义身份验证模块,该模块不应提示用户名和密码进行身份验证。 因为,我们有一个jwt令牌将为我们处理身份验证,并且我们不需要另一层身份验证。 以下是我的自定义身份验证模块: 

public class CustomJaspiAuthModule extends WebServerAuthModule
{
    protected Context context;
    protected boolean cache = false;
    public static final byte[] AUTHENTICATE_BYTES = {
        (byte) 'W',
        (byte) 'W',
        (byte) 'W',
        (byte) '-',
        (byte) 'A',
        (byte) 'u',
        (byte) 't',
        (byte) 'h',
        (byte) 'e',
        (byte) 'n',
        (byte) 't',
        (byte) 'i',
        (byte) 'c',
        (byte) 'a',
        (byte) 't',
        (byte) 'e'
    };
    protected String delegatingLoginContextName = null;

    public CustomJaspiAuthModule() { }

    public CustomJaspiAuthModule(String delegatingLoginContextName) {
        super();
        this.delegatingLoginContextName = delegatingLoginContextName;
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
        // do nothing, just return SUCCESS.
        return AuthStatus.SUCCESS;
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
        Request request = (Request) messageInfo.getRequestMessage();
        Response response = (Response) messageInfo.getResponseMessage();

        Principal principal;
        context = request.getContext();
        LoginConfig config = context.getLoginConfig();

        // validate any credentials already included with this request.
        String username = null;
        String password = null;

        MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");

        if (authorization != null) {
            authorization.toBytes();
            ByteChunk authorizationBC = authorization.getByteChunk();

            if (authorizationBC.startsWithIgnoreCase("basic ", 0)) {
                authorizationBC.setOffset(authorizationBC.getOffset() + 6);
                CharChunk authorizationCC = authorization.getCharChunk();
                Base64.decode(authorizationBC, authorizationCC);

                // get username and password from the authorization char chunk.
                int colon = authorizationCC.indexOf(':');
                if (colon < 0) {
                    username = authorizationCC.toString();
                } else {
                    char[] buf = authorizationCC.getBuffer();
                    username = new String(buf, 0, colon);
                    password = new String(buf, colon + 1, authorizationCC.getEnd() - colon - 1);
                }

                authorizationBC.setOffset(authorizationBC.getOffset() - 6);
            }

            principal = context.getRealm().authenticate(username, password);
            if (principal != null) {
                registerWithCallbackHandler(principal, username, password);

                return AuthStatus.SUCCESS;
            }
        }

        // send an "unauthorized" response and an appropriate challenge.
        MessageBytes authenticate = response.getCoyoteResponse().getMimeHeaders().
                addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);

        CharChunk authenticateCC = authenticate.getCharChunk();
        try {
            authenticateCC.append("Basic realm=\"");
            if (config.getRealmName() == null) {
                authenticateCC.append(request.getServerName());
                authenticateCC.append(':');
                authenticateCC.append(Integer.toString(request.getServerPort()));
            } else {
                authenticateCC.append(config.getRealmName());
            }
            authenticateCC.append('\"');
            authenticate.toChars();

            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException e) {
            // Ignore IOException here (client disconnect)
        }

        return AuthStatus.FAILURE;
    }

}

我相信代码的以下部分是我们得到提示输入用户名和密码警报进行身份验证的原因。 

MessageBytes authenticate = response.getCoyoteResponse().getMimeHeaders().
                addValue(AUTHENTICATE_BYTES, 0, AUTHENTICATE_BYTES.length);

        CharChunk authenticateCC = authenticate.getCharChunk();
        try {
            authenticateCC.append("Basic realm=\"");
            if (config.getRealmName() == null) {
                authenticateCC.append(request.getServerName());
                authenticateCC.append(':');
                authenticateCC.append(Integer.toString(request.getServerPort()));
            } else {
                authenticateCC.append(config.getRealmName());
            }
            authenticateCC.append('\"');
            authenticate.toChars();

            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException e) {
            // Ignore IOException here (client disconnect)
        }

但是,如果删除此块,则返回的响应很好(200响应),但是返回的请求和响应为空。 请建议我如何删除此身份验证警报。

1 个解决方案

解决方案1
 0 已采纳  2016-05-03 19:30:39

我编写了一个类似于以下内容的自定义身份验证模块,该模块可以满足我的目的: 

public class CustomJaspiAuthModule extends WebServerAuthModule 
{
    private static final String CLASSNAME   = "CustomJaspiAuthModule";
    private static Logger       logger      = Logger.getLogger(CustomJaspiAuthModule.class.getName());

    protected Context context;
    protected String delegatingLoginContextName = null;

    public CustomJaspiAuthModule() { }

    public CustomJaspiAuthModule(String delegatingLoginContextName) 
    {
        super();
        this.delegatingLoginContextName = delegatingLoginContextName;
    }

    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException 
    {
        // do nothing, just return SUCCESS.
        return AuthStatus.SUCCESS;
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException 
    {
        final String METHOD_NAME = "validateRequest";
        logger.logp(Level.INFO, CLASSNAME, METHOD_NAME, "**IN AUTHENTICATION MODULE**CustomJaspiAuthModule.validateRequest()");

        Request request = (Request) messageInfo.getRequestMessage();
        Response response = (Response) messageInfo.getResponseMessage();

        boolean authenticated = false;
        context = request.getContext();
        Principal principal = context.getRealm().authenticate("*", "*");

        Callback[] callbacks = new Callback[] {
                new CallerPrincipalCallback(clientSubject, (Principal) null) };

        if (principal != null) 
        {
            callbacks = new Callback[] { 
                    new CallerPrincipalCallback(clientSubject, principal) };
            authenticated = true;
        } 

        if (authenticated) 
        {
            try 
            {
                callbackHandler.handle(callbacks);
            } 
            catch (final Exception e) 
            {
                throw (AuthException) new AuthException().initCause(e);
            }
            return AuthStatus.SUCCESS;
        }

        return AuthStatus.FAILURE;
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 JBoss EAP 7基本认证不起作用 如何在Jboss eap 6.1.0中的特定URL上设置身份验证 如何配置JBoss EAP 6.3 WebApp以进行Kerberos身份验证 如何在jboss EAP 6.4中从HTTP重定向到HTTPS 如何迁移:JBoss AS 7.1.1-&gt; JBoss EAP 7 如何停止JBoss EAP 6.0.1 如何了解Jboss EAP版本 如何在JBoss EAP 6 / JBoss AS 7中指定MBean名称 JBoss从JBoss AS 4.2 GA迁移到JBoss EAP 6.2 从 JBoss 5.1 EAP 迁移到 Wildfly 10
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM