package org.company.iYou;
import com.sun.appserv.security.AppservPasswordLoginModule;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import javax.sql.DataSource;/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/**
*
* @author kampu
*/
public class CustomLoginModule extends AppservPasswordLoginModule { @Override
protected void authenticateUser() throws LoginException {
String groups[]={null};
try {
//从realm获取数据库信息,连接到数据库
String query = "SELECT USER_PASSWORD,PLAY_ROLE FROM USERS WHERE USER_NAME=?";
//datasource-jndi是domain.xml配置中JDBCRealm引用的数据库对象的JNDI名 String connectString = this._currentRealm.getProperty("datasource-jndi");
System.out.println("THE REALM IS :"+this._currentRealm.toString());
// JDBCRealm realm=(JDBCRealm)this._currentRealm;
System.out.println("connectString is "+connectString);
Connection connection = this.getConnection(connectString);
System.out.println("User name is:"+this._username);
PreparedStatement ps = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_SENSITIVE, ResultSet.CONCUR_READ_ONLY);
ps.setString(1, this._username);
ResultSet rs = ps.executeQuery();
rs.first();
String password = rs.getString(1);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(this._password.getBytes());
byte[] digested = md.digest();
String hexPassword = this.byte2hex(digested);
if (hexPassword.equals(password)) {
groups[0]=rs.getString(2);
System.out.println("User name:"+this._username);
System.out.println("PLAY role:"+groups[0]);
//this._groupsList=groups; }
rs.close();
connection.close();
//从CallbackHandler中获取用户、密码进行验证 // populate grpList with the set of groups to which
// _username belongs in this realm, if any } catch (NoSuchAlgorithmException ex) {
Logger.getLogger(CustomLoginModule.class.getName()).log(Level.SEVERE, null, ex);
} catch (SQLException ex) {
Logger.getLogger(CustomLoginModule.class.getName()).log(Level.SEVERE, null, ex);
}
this.commitUserAuthentication(groups);
} public String byte2hex(byte[] b) // 二行制转字符串
{
String hs = "";
String stmp = "";
for (int n = 0; n < b.length; n++) {
stmp = (java.lang.Integer.toHexString(b[n] & 0XFF));
if (stmp.length() == 1) {
hs = hs + "0" + stmp;
} else {
hs = hs + stmp;
}
} return hs.toUpperCase();
} public Connection getConnection(String jndiSource) {
Connection connection = null;
try {
//EJB Port
//EJB Port
Context ctx = new InitialContext();
DataSource ds = (DataSource) ctx.lookup(jndiSource); try {
connection = ds.getConnection();
} catch (SQLException ex) {
Logger.getLogger(CustomLoginModule.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (NamingException ex) {
Logger.getLogger(CustomLoginModule.class.getName()).log(Level.SEVERE, null, ex);
}
return connection;
}}
Glassfish 3.0.1环境,验证后出现页面403错误。
使用JDBCRealm+上面定义的LoginModule。
以上代码工作正常,还需要做些什么?求高手解答JDBCRealm与LoginModule之间交互的关系
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货