> i knew that and it works, but I need to retrieve subject to get also roleprincipal

Unfortunately, it doesn't work that way in Java EE. The JAAS Subject is just a "bag of principals", and which of those represents the user/caller principal and/or the role principal(s) is simply not standardized. Every other container does things differently here. The Javadoc for Tomcat's JAASRealm describes this and explains the Tomcat-specific convention (emphasis mine):

> The JAAS Specification describes the result of a successful login as a javax.security.auth.Subject instance, which can contain zero or more java.security.Principal objects in the return value of the Subject.getPrincipals() method. However, it provides no guidance on how to distinguish Principals that describe the individual user (and are thus appropriate to return as the value of request.getUserPrincipal() in a web application) from the Principal(s) that describe the authorized roles for this user. To maintain as much independence as possible from the underlying LoginMethod implementation executed by JAAS, the following policy is implemented by this Realm: […]

Besides that, from a Java EE environment you rarely even have access to the JAAS Subject, often not even via vendor-specific methods. JAAS is far from the universal standard that you seem to think it is, especially when it concerns Java EE.

The only things you can access in a portable way are the caller principal and the roles associated with it, but even those do not have to be the exact caller principal that your JAAS login module constructed. JBoss AS, for example, copies this principal a couple of times using its own classes. So, if your JAAS module stored a kaz.zak.FooPrincipal into the Subject for the user/caller principal, then HttpServletRequest#getUserPrincipal() might return an org.jboss.security.SimplePrincipal. The only thing guaranteed is that getName() on that instance will return the same string.

For more background on this topic:

The last source basically says the same thing in different wording:

> Although it is possible to use JAAS within Tomcat as an authentication mechanism (JAASRealm), the flexibility of the JAAS framework is lost once the user is authenticated. This is because the principals are used to denote the concepts of "user" and "role", and are no longer available in the security context in which the webapp is executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole(). This reduces the JAAS framework for authorization purposes to a simple user/role system that loses its connection with the Java Security Policy.
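
The behaviour described above, as an added example that is not part of the original answer. It uses only the JDK (Java 16+); FooPrincipal, FooRole and ContainerPrincipal are hypothetical classes, and classifying principals by class is an assumed convention here, not Tomcat's or JBoss's actual policy.

```java
import java.security.Principal;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.Subject;

public class SubjectPrincipalsDemo {
    // Hypothetical principal types a custom JAAS LoginModule might put into the Subject.
    record FooPrincipal(String name) implements Principal { public String getName() { return name; } }
    record FooRole(String name) implements Principal { public String getName() { return name; } }
    // Stand-in for a container's own principal class (constructed for this demo).
    record ContainerPrincipal(String name) implements Principal { public String getName() { return name; } }

    // The Subject is a flat set: nothing in JAAS marks which entry is the caller and which are roles.
    static Subject login() {
        Subject s = new Subject();
        s.getPrincipals().add(new FooPrincipal("alice"));   // constructed sample data
        s.getPrincipals().add(new FooRole("admin"));
        s.getPrincipals().add(new FooRole("auditor"));
        return s;
    }

    // Assumed convention: the caller is the single principal of an agreed class; fail closed otherwise.
    static String callerName(Subject s) {
        Set<FooPrincipal> users = s.getPrincipals(FooPrincipal.class);
        if (users.size() != 1) throw new SecurityException("expected exactly one user principal, got " + users.size());
        return users.iterator().next().getName();
    }

    static Set<String> roleNames(Subject s) {
        Set<String> roles = new TreeSet<>();
        for (FooRole r : s.getPrincipals(FooRole.class)) roles.add(r.getName());
        return roles;
    }

    // What the application may see: the caller re-wrapped in a container class, with only the name preserved.
    static Principal containerView(Subject s) {
        return new ContainerPrincipal(callerName(s));
    }

    public static void main(String[] args) {
        Subject s = login();
        Principal seen = containerView(s);
        System.out.println("roles: " + roleNames(s));
        System.out.println("instanceof FooPrincipal: " + (seen instanceof FooPrincipal));
        System.out.println("name matches: " + seen.getName().equals(callerName(s)));
    }
}
```

Application code that casts the request's principal to the login module's class, or authorizes on its type, breaks as soon as the container substitutes its own class; compare getName() and use isUserInRole() instead.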