我用jboss sso和oracle实现的小例子(没有使用jaas)
1、jboss-sso.sar/conf/sso.cfg.xml部分配置:
(这里的数据库连接是OracleLoginProvider,也要注意<property name="trustServer">写得正确)
<jboss-sso>
<identity-management>
<login>
<provider id="si:my:oracle:login" class="my.security.OracleLoginProvider">
<property name="connectionURL">jdbc:oracle:thin:@localhost:1521:orcl</property>
<property name="username">user</property>
<property name="password">pass</property>
<property name="existsSQL">select 'ok' from user_table where login_id=?</property>
<property name="loginSQL">select 'ok' from user_table where login_id=? and password=?</property>
</provider>
</login>
</identity-management>
<sso-processor>
<processor class="org.jboss.security.saml.JBossSingleSignOn">
<property name="trustServer">http://zjftest1.jboss.com:8080/federate/trust</property>
</processor>
</sso-processor>
</jboss-sso>
2、确保context.xml在WAR文件的WEB-INF下配置
这用于指示Web应用程序使用自己的认证机制:
<?xml version="1.0"?>
<Context>
<!-- a federation routing valve -->
<!--
This valve eliminates the need for cross domain federation links
to be of the form /federate?target={some link in the other domain}
With this link, your link can be straight to the resource in the
other domain
provider="si:my:oracle:login"是sso.cfg.xml中provider的id
-->
<Valve className="org.jboss.security.valve.SSOFederationRouter"/>
<Valve className="org.jboss.security.valve.PlainSSOAutoLogout" logoutURL="/testoracle/plain/logout.jsp" />
<Valve className="org.jboss.security.valve.PlainSSOTokenManager" assertingParty="jboss_sso_testeroracle" />
<Valve className="org.jboss.security.valve.PlainSSOAutoLogin" authType="FORM" provider="si:my:oracle:login"/>
</Context>
注:
1)当你的Web应用程序通过登录页面或其他机制自行完成身份验证时,在登录成功后,应使用以下API调用把这一事件通知SSO引擎:
org.jboss.security.saml.SSOManager.processManualLoginNotification(HttpServletRequest request,String user)
2)当SSO引擎响应一个可信的SSOToken执行自动登录时,它会向你的LoginProvider发送以下通知:
processSSOLoginNotification(LoginContext)
在这里,你可以为已通过身份验证的用户session做Web应用程序所需的任何环境设置。
注意:使用这种认证方式时,Web应用程序可以通过以下API调用获取已登录到系统的用户Principal:
org.jboss.security.saml.SSOManager.getUserPrincipal(HttpServletRequest)
3、jboss-federation-server.ear/jboss-federation-server.sar/conf下server.cfg.xml
<?xml version='1.0' encoding='ISO-8859-1'?>
<jboss-sso>
<!--
partners configuration of the federation server...
partners are the collection of sites which are part of the Single Sign On Federation
it lists the web domains and their corresponding federation servers in this domain
-->
<federation-server>
<partners>
<partner domain="jboss.com" server="http://zjftest1.jboss.com:8080/federate"/>
<partner domain="jboss.org" server="http://zjftest2.jboss.com:8080/federate"/>
</partners>
</federation-server>
</jboss-sso>
注:不要忘了把OracleLoginProvider.class打成jar包放在jboss-sso.sar/下,当然还有oracle数据库驱动
4、
在C:/WINDOWS/system32/drivers/etc下加入:
127.0.0.1 zjftest1.jboss.com
127.0.2.1 zjftest2.jboss.com
5、在jboss-sso-testoralce.ear/META-INF/下的application.xml里
<module>
<web>
<web-uri>testoracle.war</web-uri>
</web>
</module>
是ear下war包的名字,如果修改了,不要忘记改哟。
6、我的OracleLoginProvider源代码如下:
package test.post;
import java.nio.charset.Charset;
import java.security.Principal;
import java.sql.*;
import java.util.Collection;
import java.util.Properties;
import org.jboss.security.idm.Identity;
import org.jboss.security.idm.IdentityException;
import org.jboss.security.idm.LoginContext;
import org.jboss.security.idm.LoginProvider;
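public class OracleLoginProvider implements LoginProvider {

    /**
     * Charset used to turn the {@code byte[]} password handed in by the SSO engine
     * into the {@code String} bound to {@code loginSQL}.
     * NOTE(review): the encoding the engine uses is not visible here — confirm
     * against the caller before relying on non-ASCII passwords.
     */
    private static final Charset PASSWORD_CHARSET = Charset.forName("UTF-8");

    static {
        // Explicit registration as in the original; a JDBC 4 driver would also be
        // picked up by DriverManager automatically.
        try {
            DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

    // Provider configuration from sso.cfg.xml: connectionURL, username, password,
    // existsSQL and loginSQL.
    private Properties props;
    // Provider id (the id attribute of the <provider> element).
    private String id;

    public OracleLoginProvider() {
    }

    public void setId(String id) throws IdentityException {
        this.id = id;
    }

    public String getId() throws IdentityException {
        return this.id;
    }

    public boolean exists(Principal principal) throws IdentityException {
        return exists(principal.getName());
    }

    /**
     * Reports whether {@code existsSQL} returns a row for {@code username}.
     *
     * @param username login id bound to the first placeholder of existsSQL
     * @return {@code true} when at least one row comes back; {@code false} for a
     *         {@code null} username or when the query fails
     * @throws IllegalStateException if existsSQL or the connection settings are missing
     */
    public boolean exists(String username) throws IdentityException {
        if (username == null) {
            return false;
        }
        return queryHasRow(requiredProperty("existsSQL"), new String[] { username });
    }

    public Identity read(Principal principal) throws IdentityException {
        return read(principal.getName());
    }

    public Identity read(String username) throws IdentityException {
        Identity ident = new Identity();
        ident.setUserName(username);
        // Roles are not loaded from the database in this example.
        return ident;
    }

    /**
     * Delegates to {@link #login(String, byte[])}, mirroring {@link #exists(Principal)}.
     * The original implementation refused every Principal-based login unconditionally.
     */
    public boolean login(Principal principal, byte[] password) throws IdentityException {
        if (principal == null) {
            return false;
        }
        return login(principal.getName(), password);
    }

    /**
     * Authenticates {@code username} with {@code password} through {@code loginSQL},
     * binding the login id and the password as the two query parameters.
     * The original only checked that the user existed, so any known login id was
     * accepted regardless of the password supplied.
     * NOTE(review): loginSQL as configured compares the supplied value directly with
     * the stored column; if the column holds a hash, apply the same hash here before
     * binding. The password is never written to the log.
     *
     * @param username login id bound to the first placeholder of loginSQL
     * @param password raw password bytes bound (decoded) to the second placeholder
     * @return {@code true} only when loginSQL returns at least one row; {@code false}
     *         for a {@code null} username/password or when the query fails
     * @throws IllegalStateException if loginSQL or the connection settings are missing
     */
    public boolean login(String username, byte[] password) throws IdentityException {
        if (username == null || password == null) {
            return false;
        }
        String secret = new String(password, PASSWORD_CHARSET);
        return queryHasRow(requiredProperty("loginSQL"), new String[] { username, secret });
    }

    public void processSSOLoginNotification(LoginContext loginContext) throws IdentityException {
        // No per-session setup is needed for this example.
    }

    public Collection readAllRoles() throws IdentityException {
        // Roles are not modelled in this example; callers get null as before.
        return null;
    }

    public void setProperties(Properties properties) throws IdentityException {
        this.props = properties;
    }

    /**
     * Returns a configuration property, failing loudly if the provider was not
     * configured or the property is absent (a misconfiguration must not pass silently).
     */
    private String requiredProperty(String name) {
        String value = (props == null) ? null : props.getProperty(name);
        if (value == null) {
            throw new IllegalStateException("missing property '" + name + "' in sso.cfg.xml");
        }
        return value;
    }

    /**
     * Runs {@code sql} with the given positional string parameters and reports whether
     * it returned at least one row. Result set, statement and connection are always
     * closed. A SQLException is logged and treated as "no row", so a database failure
     * denies rather than grants access.
     */
    private boolean queryHasRow(String sql, String[] params) {
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            conn = connect();
            ps = conn.prepareStatement(sql);
            for (int i = 0; i < params.length; i++) {
                ps.setString(i + 1, params[i]);
            }
            rs = ps.executeQuery();
            return rs.next();
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(rs);
            closeQuietly(ps);
            closeQuietly(conn);
        }
    }

    /** Opens a connection using connectionURL/username/password from sso.cfg.xml. */
    private Connection connect() throws SQLException {
        return DriverManager.getConnection(
                requiredProperty("connectionURL"),
                requiredProperty("username"),
                requiredProperty("password"));
    }

    private static void closeQuietly(ResultSet rs) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    private static void closeQuietly(Statement st) {
        if (st != null) {
            try {
                st.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }

    private static void closeQuietly(Connection conn) {
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}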