無法配置JAAS身份驗證
[英]Unable to configure JAAS authentication
問題描述
我想對我的Web應用程序使用JAAS身份驗證。 我無法弄清楚錯誤在哪里。 我沒有收到任何錯誤消息,但登錄部分無法正常工作。
我有一個Html頁面(index.html)作為首頁。 登錄時獲取用戶名和密碼並將其帶到servlet。
的index.html
<html>
<head>
<title>Login
</title>
</head>
<body>
<br><br>
<center>
<h1>Railway Reservation</h1>
<br><br>
<form action="Authentication" method="post">
User Name:<input type="text" name="user"><br><br>
Password:<input type="password" name="pass"><br><br>
<input type="submit" value="Login">
</form>
</center>
</body>
</html>
Authentication.java
import java.io.*;
import java.sql.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.WebServlet;
import javax.security.auth.login.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
public class Authentication extends HttpServlet
{
public Authentication()
{
super();
}
protected void doPost(HttpServletRequest request,HttpServletResponse response) throws ServletException,IOException
{
response.setContentType("text/html");
PrintWriter pw = response.getWriter();
pw.println("hiii");
String user = request.getParameter("user");
String password = request.getParameter("pass");
pw.println(user + " " + password );
if((user!=null)&&(password!=null))
{
pw.println("if");
CBHandler cbhandler = new CBHandler(user,password);
boolean authFlag = true;
try
{
HttpSession session = request.getSession();
session.setAttribute("username",user);
pw.println("inside try block");
System.setProperty("java.security.auth.login.config","jaas.config");
LoginContext loginContext = new LoginContext("Railway",cbhandler);
loginContext.login();
pw.println("try ");
}
catch(LoginException e)
{
pw.println(e);
e.printStackTrace();
authFlag = false;
pw.println("hello");
}
if(authFlag)
{
pw.println(user + " " + password);
pw.println("Authentication success...");
Connection con = DB.getDBconnection();
if(con!=null)
{
String sql = "select role from login where uname=?";
try
{
PreparedStatement pst = con.prepareStatement(sql);
pst.setString(1,user);
ResultSet rs = pst.executeQuery();
rs.next();
String role = rs.getString("role");
if(role.equals("user"))
response.sendRedirect("user.jsp");
else
response.sendRedirect("admin.jsp");
}
catch(Exception e)
{
pw.println(e);
}
}
}
else
pw.println("Authentication failed...");
}
else
{
pw.println("Invalid authentication...");
}
}
}
CBHandler.java
import java.io.*;
import javax.security.auth.callback.*;
public class CBHandler implements CallbackHandler
{
private String user = null;
private String password = null;
public CBHandler(String user,String password)
{
this.user = user;
this.password = password;
}
@Override
public void handle(Callback[] callbackArray) throws IOException,UnsupportedCallbackException
{
int counter = 0;
while(counter < callbackArray.length)
{
if(callbackArray[counter] instanceof NameCallback)
{
NameCallback nameCallback = (NameCallback)callbackArray[counter++];
nameCallback.setName(user);
}
else if(callbackArray[counter] instanceof PasswordCallback)
{
PasswordCallback passwordCallback = (PasswordCallback)callbackArray[counter++];
passwordCallback.setPassword(password.toCharArray());
}
}
}
}
LoginMod.java
import java.util.*;
import java.sql.*;
import java.io.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.* ;
import javax.security.auth.spi.LoginModule;
public class LoginMod implements LoginModule
{
private CallbackHandler callbackHandler = null;
private boolean successFlag = false;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler,Map<String,?> sharedState,Map<String,?> options)
{
this.callbackHandler = callbackHandler;
}
@Override
public boolean login() throws LoginException
{
Callback[] callbackArray = new Callback[2];
callbackArray[0] = new NameCallback("User Name: ");
callbackArray[1] = new PasswordCallback("Password : ",false);
try
{
callbackHandler.handle(callbackArray);
}
catch(IOException e)
{
e.printStackTrace();
}
catch(UnsupportedCallbackException e)
{
e.printStackTrace();
}
String name = ((NameCallback) callbackArray[0]).getName();
String password = new String(((PasswordCallback) callbackArray[1]).getPassword());
if((name.equals("root"))&&(password.equals("root")))
{
System.out.println("auth success");
successFlag = true;
}
else
{
successFlag = false;
throw new FailedLoginException ("auth failed");
}
return successFlag;
}
@Override
public boolean commit() throws LoginException
{
return successFlag;
}
@Override
public boolean abort() throws LoginException
{
return false;
}
@Override
public boolean logout() throws LoginException
{
return false;
}
}
的jaas.config
Railway
{
LoginMod required debug=true;
};
當我運行此代碼時,我將其作為輸出
hiii root root if inside try block
這是我得到的錯誤
HTTP Status 500 – Internal Server Error
Type Exception Report
Message java.io.IOException: jaas.config (No such file or directory)
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
java.lang.SecurityException: java.io.IOException: jaas.config (No such file or directory)
sun.security.provider.ConfigFile$Spi.<init>(Unknown Source)
sun.security.provider.ConfigFile.<init>(Unknown Source)
sun.reflect.GeneratedConstructorAccessor23.newInstance(Unknown Source)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
java.lang.reflect.Constructor.newInstance(Unknown Source)
java.lang.Class.newInstance(Unknown Source)
javax.security.auth.login.Configuration$2.run(Unknown Source)
javax.security.auth.login.Configuration$2.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
javax.security.auth.login.LoginContext$1.run(Unknown Source)
javax.security.auth.login.LoginContext$1.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.LoginContext.init(Unknown Source)
javax.security.auth.login.LoginContext.<init>(Unknown Source)
Authentication.doPost(Authentication.java:37)
javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
Root Cause
java.io.IOException: jaas.config (No such file or directory)
sun.security.provider.ConfigFile$Spi.ioException(Unknown Source)
sun.security.provider.ConfigFile$Spi.init(Unknown Source)
sun.security.provider.ConfigFile$Spi.<init>(Unknown Source)
sun.security.provider.ConfigFile.<init>(Unknown Source)
sun.reflect.GeneratedConstructorAccessor23.newInstance(Unknown Source)
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
java.lang.reflect.Constructor.newInstance(Unknown Source)
java.lang.Class.newInstance(Unknown Source)
javax.security.auth.login.Configuration$2.run(Unknown Source)
javax.security.auth.login.Configuration$2.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
javax.security.auth.login.LoginContext$1.run(Unknown Source)
javax.security.auth.login.LoginContext$1.run(Unknown Source)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.login.LoginContext.init(Unknown Source)
javax.security.auth.login.LoginContext.<init>(Unknown Source)
Authentication.doPost(Authentication.java:37)
javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
1 個解決方案
解決方案1
0 已采納 2019-06-08 10:34:16
我出錯的地方是在java.security文件中給出配置文件的位置,該文件存在於C:\\Program Files\\Java\\jre1.8.0_77\\lib\\security\\java.security 。
在Windows中復制jaas.config文件的路徑時,路徑以反斜杠(/)給出,應使用正斜杠(\\)替換。
例如,它應該像login.config.url.1=file:D:/mani/java/sample_jaas.config而不是login.config.url.1=file:D:\\mani\\java\\sample_jaas.config
我想這對某人有幫助。
沒有JAAS的Kerberos身份驗證?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.