zoukankan      html  css  js  c++  java

  • 使用JAAS登录kerberos服务器

    java代码:

    package com.snsprj.jaas0822;

import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import com.sun.security.auth.callback.TextCallbackHandler;

/**
 * This JaasAcn application attempts to authenticate a user
 * and reports whether or not the authentication was successful.
 *
 * Created by skh on 2017/8/22.
 */
public class JaasAcn {
    public static void main(String[] args) {

        String path = "/workspace/idea/ssm/src/test/java/com/snsprj/jaas0822/";

        System.setProperty("java.security.auth.login.config", path + "");

        System.setProperty("java.security.krb5.conf", path + "krb5.conf");

//        System.setProperty("java.security.krb5.realm", "SNSPRJ.COM");
//        System.setProperty("java.security.krb5.kdc", "kerberos.snsprj.com");

        // sun.security.krb5.debug
        System.setProperty("sun.security.krb5.debug", "true");

        // Obtain a LoginContext, needed for authentication. Tell it
        // to use the LoginModule implementation specified by the
        // entry named "JaasSample" in the JAAS login configuration
        // file and to also use the specified CallbackHandler.
        LoginContext lc = null;
        try {
            lc = new LoginContext("JaasSample", new TextCallbackHandler());

            // attempt authentication
            try {
                lc.login();
            } catch (LoginException le) {
                le.printStackTrace();
                System.err.println("Authentication failed:");
                System.err.println("  " + le.getMessage());
                System.exit(-1);
            }

        } catch (LoginException le) {
            System.err.println("Cannot create LoginContext. " + le.getMessage());

        } catch (SecurityException se) {
            System.err.println("Cannot create LoginContext. " + se.getMessage());
            System.exit(-1);
        }

        System.out.println("Authentication succeeded!");

    }
}

    这里有两个配置文件,其中jaas.conf配置如下:

    /** Login Configuration for the JaasAcn and
 ** JaasAzn Applications
 **/

JaasSample {
   com.sun.security.auth.module.Krb5LoginModule required debug=true refreshKrb5Config=true;
};

    krb5.conf可以直接从kerberos服务器中copy过来使用即可,配置内容如下:

    # Configuration snippets may be placed in this directory as well

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = SNSPRJ.COM
 default_ccache_name = KEYRING:persistent:%{uid}

 # use tcp
 udp_preference_limit = 1
# kdc_timeout = 60000

[realms]
  SNSPRJ.COM = {
    kdc = kerberos.snsprj.com
    admin_server = kerberos.snsprj.com
  }

[domain_realm]
  .snsprj.com = SNSPRJ.COM
  snsprj.com = SNSPRJ.COM

    参考资料:

    JAAS Authentication:http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/AcnOnly.html
  • 相关阅读:
    java常用容器简要性能分析(List。Map。Set)
    初始化 List 的五种方法(java)【转】
    线程池方式对数组多线程随机取出分析
    Spring文件下载方式整理
    阿里云linux安装Consul启动
    Java字节流&字符流的转换
    VUE中字符串实现JSON格式化展示。
    java中URL作为参数前后端传递分析
    Java实现GBK转码到UTF-8(文件)
    python处理Excel文件
  • 原文地址:https://www.cnblogs.com/xxoome/p/7423922.html
Copyright © 2011-2022 走看看