问题:
如何使JMX加密密码验证工作?
傅砚
我正在使用JMX远程监控我的服务器。但是,jmx-access和jmx密码存储我不想要的清除密码。
接下来是如何为JConsole的密码文件加密密码,如何使JMX自定义身份验证工作?以及如何创建登录模块?,我编写了一个自定义登录模块。
我的登录模块:
public class EncryptedFileLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private String name;
private String password;
private boolean succeeded = false;
public EncryptedFileLoginModule() {
System.out.println("Login Module - constructor called");
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
System.out.println("Login Module - initialize called");
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
System.out.println("testOption value: " + (String) options.get("testOption"));
succeeded = false;
}
public boolean login() throws LoginException {
System.out.println("Login Module - login called");
if (callbackHandler == null) {
throw new LoginException("Oops, callbackHandler is null");
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("name:");
callbacks[1] = new PasswordCallback("password:", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException("Oops, IOException calling handle on callbackHandler");
} catch (UnsupportedCallbackException e) {
throw new LoginException("Oops, UnsupportedCallbackException calling handle on callbackHandler");
}
NameCallback nameCallback = (NameCallback) callbacks[0];
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
name = nameCallback.getName();
password = new String(passwordCallback.getPassword());
if ("a".equals(name) && "a".equals(password)) {
System.out.println("Success! You get to log in!");
succeeded = true;
return succeeded;
} else {
System.out.println("Failure! You don't get to log in");
succeeded = false;
throw new FailedLoginException("Sorry! No login for you.");
}
}
public boolean abort() throws LoginException {
System.out.println("Login Module - abort called");
return false;
}
public boolean commit() throws LoginException {
System.out.println("Login Module - commit called");
return succeeded;
}
public boolean logout() throws LoginException {
System.out.println("Login Module - logout called");
return false;
}
}
class UserPrincipal implements Principal, Serializable {
private static final long serialVersionUID = -4604480892359393296L;
private String name;
public UserPrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return name;
}
public boolean equals(Object o) {
return o instanceof UserPrincipal &&
((UserPrincipal)o).name.equals(name);
}
public int hashCode() {
return name.hashCode();
}
}
class StatePrincipal implements Principal, Serializable {
private static final long serialVersionUID = 8429580270033209093L;
private String state;
public StatePrincipal(String state) {
this.state = state;
}
public String getName() {
return state;
}
public String toString() {
return state;
}
public boolean equals(Object o) {
return o instanceof StatePrincipal && ((StatePrincipal)o).equals(state);
}
public int hashCode() {
return state.hashCode();
}
}
这是我的登录模块配置文件(d:/mysecurity.cfg):
MyLoginModule {
cn.com.singlee.slice.security.EncryptedFileLoginModule REQUIRED
testOption=here_is_an_option;
};
启动服务器时,我使用以下参数:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.ssl=false
-Djava.security.auth.login.config=d:/mysecurity.cfg
-Dcom.sun.management.jmxremote.login.config=MyLoginModule
然而,当我试图用JCsonle连接服务器时,我无法登录。服务器似乎能够使用这些日志输出成功调用自定义身份验证过程:
Login Module - constructor called
Login Module - initialize called
testOption value: here_is_an_option
Login Module - login called
Success! You get to log in!
Login Module - commit called
但是JConsol报告错误(我在调试模式下使用“jconon-debug”启动了JConsol):
java.lang.SecurityException: Access denied! No entries found in the access file [C:\Program Files\Java\jre7\lib\management\jmxremote.access] for any of the authenticated identities []
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.checkAccessFileEntries(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.doNewClient(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.newClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:273)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:251)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:160)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2370)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:296)
at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:366)
at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:314)
at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:295)
该错误指出在jmxremote.access中没有找到经过身份验证的身份。
既然我使用自定义身份验证登录模块,为什么需要jmxremote.access?
此外,即使我在jmxremote中添加了测试用户“a”。访问,错误仍然存在。
有什么线索吗?
共有1个答案
侯池暝
谢谢你的这篇文章,jconsole -debug是一个突破
我相信您缺少的是您尚未在 jmxremote.access 中配置“a”,使用上面的示例,当我更改几行时,它对我有用
注意添加了
user = new JMXPrincipal(name);
并使用“jmxremote.access”中未注释的行
controlRole readwrite
希望这能帮助到其他同样情况的程序员。
public class EncryptedFileLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private JMXPrincipal user;
private String name;
private String password;
private boolean succeeded = false;
public EncryptedFileLoginModule() {
System.out.println("Login Module - constructor called");
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
System.out.println("Login Module - initialize called");
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
System.out.println("testOption value: " + (String) options.get("testOption"));
succeeded = false;
}
public boolean login() throws LoginException {
System.out.println("Login Module - login called");
if (callbackHandler == null) {
throw new LoginException("Oops, callbackHandler is null");
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("name:");
callbacks[1] = new PasswordCallback("password:", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException("Oops, IOException calling handle on callbackHandler");
} catch (UnsupportedCallbackException e) {
throw new LoginException("Oops, UnsupportedCallbackException calling handle on callbackHandler");
}
NameCallback nameCallback = (NameCallback) callbacks[0];
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
name = nameCallback.getName();
password = new String(passwordCallback.getPassword());
if ("controlRole".equals(name) && "a".equals(password)) {
System.out.println("Success! You get to log in!");
// Create a new user principal
user = new JMXPrincipal(name);
succeeded = true;
return succeeded;
} else {
System.out.println("Failure! You don't get to log in");
succeeded = false;
throw new FailedLoginException("Sorry! No login for you.");
}
}
public boolean abort() throws LoginException {
System.out.println("Login Module - abort called");
return false;
}
public boolean commit() throws LoginException {
System.out.println("Login Module - commit called");
subject.getPrincipals().add(user);
return succeeded;
}
public boolean logout() throws LoginException {
System.out.println("Login Module - logout called");
user = null;
succeeded = false;
return false;
}
}
class UserPrincipal implements Principal, Serializable {
private static final long serialVersionUID = -4604480892359393296L;
private String name;
public UserPrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return name;
}
public boolean equals(Object o) {
return o instanceof UserPrincipal &&
((UserPrincipal)o).name.equals(name);
}
public int hashCode() {
return name.hashCode();
}
}
class StatePrincipal implements Principal, Serializable {
private static final long serialVersionUID = 8429580270033209093L;
private String state;
public StatePrincipal(String state) {
this.state = state;
}
public String getName() {
return state;
}
public String toString() {
return state;
}
public boolean equals(Object o) {
return o instanceof StatePrincipal && ((StatePrincipal)o).equals(state);
}
public int hashCode() {
return state.hashCode();
}
}
类似资料:
-
我正在使用以下代码创建哈希密码和salt: 我正在数据库中存储HashedPassword和Salt。 现在我要验证用户登录时的密码: 这不起作用,我得到了一个完全不同的哈希密码,而不是存储在数据库中的密码。据我所知,您应该在用户登录时输入的密码之前预置salt,然后运行相同的哈希密码函数。上面不是等价于那个吗?
-
我使用以下代码使用PBKDF2对密码进行哈希: 如何验证身份验证的密码?看来我需要拿到用来哈希密码的盐。我怎么拿到?请注意,我没有使用单独的字段来存储哈希。数据库中只存储散列密码。
-
我试图理解Maven 3的[password encryption(密码加密)功能。我发现这个功能的文档记录很差,令人困惑。例如,功能文档和该功能作者的博客文章在几个方面相互矛盾。 这个问题比maven-encrypt master password如何工作更广泛,maven encrypt master password选择密码的良好实践没有涵盖。 具体来说,我试图回答以下文件中未涉及的问题。我
-
我正在尝试使用“新密码”解决方案来满足客户的要求。 我有这样的要求:< br> 1 -新密码必须是8 - 13个字符,< br> 2 -密码必须包含数字,< br> 3 -密码必须包含大小写字母,< br> 4 -密码不得包含用户名,最后< br> 5 -密码之前不得使用。 我不是Javascript方面的专家,我一直在尝试将所有这些要求放在一个脚本中,但我不知道如何解决这个要求的第1,4,5部分
-
问题内容: 因此,我必须创建验证密码是否有效的代码: 至少8个字符长 包含至少1个数字 包含至少1个大写字母 这是代码: 我不确定出什么问题,但是当我输入带有数字的密码时-它会一直告诉我我需要一个带有数字的密码。有什么办法吗? 问题答案: 您可以将模块用于正则表达式。 有了它,您的代码将如下所示:
-
主要内容:使用方式,实例演示jQuery Password Validation(密码验证)插件扩展了 jQuery Validate 插件,提供了两种组件: 一种评价密码的相关因素的功能:比如大小写字母的混合情况、字符(数字、特殊字符)的混合情况、长度、与用户名的相似度(可选的)。 一种使用评价功能显示密码强度的验证插件自定义方法。显示的文本可以被本地化。 您可以简单地自定义强度显示的外观、本地化消息显示,并集成到已有的表