问题
I have created a custom authentication provider that checks if a user exists in a datasource and allows it to login or not.
Now I also have to check the roles of that user, but I don't understand if the same provider can take care of Authentication and Role mapping or if I have to do another provider.
I had tried to created another provider, for the role mapping, but I can't find it, or not looking in the right place to configurate it, but my MBean type also doesn't any configs to be inserted.
Can anyone help me with this? I tried to find examples of role mapping, with no luck.
Thanks
回答1:
Have a look at the Oracle Guide: How to Develop a Custom Role Mapping Provider
The process is very similiar to creating an authentication Provider, the only difference are the interfaces you have to implement.
Now for my Implementation (I assume knowledge about MBean Provider Creation using the WebLogicMBeanMaker, since you already created an Authentication Provider): You need 3 Files, a XML File with the configuration, the Provider and the Implementation of a Role.
The Config File:
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType
Name = "MYRoleMapper"
DisplayName = "MYRoleMapper"
Package = "MY.security"
Extends = "weblogic.management.security. authorization.RoleMapper"
PersistPolicy = "OnUpdate"
>
<MBeanAttribute
Name = "ProviderClassName"
Type = "java.lang.String"
Writeable = "false"
Preprocessor = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
Default = ""MY.security.MYRoleMapperProviderImpl""
/>
<MBeanAttribute
Name = "Description"
Type = "java.lang.String"
Writeable = "false"
Default = ""MY RM provider ""
/>
<MBeanAttribute
Name = "Version"
Type = "java.lang.String"
Writeable = "false"
Default = ""1.2""
/>
</MBeanType>
The Actual Provider MYRoleMapperProviderImpl.java:
public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
private String description;
private static final Map<String, SecurityRole> NO_ROLES = Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));
private final static String RESSOURCE_URL = "<url>";
private final static String RESSOURCE_EJB = "<ejb>";
private enum rollen {
READER;
}
@Override
public void initialize(ProviderMBean mbean, SecurityServices services) {
description = mbean.getDescription() + "\n" + mbean.getVersion();
}
@Override
public String getDescription() {
return description;
}
@Override
public void shutdown() {
}
@Override
public RoleMapper getRoleMapper() {
return this;
}
@Override
public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
Set<Principal> principals = subject.getPrincipals();
for (Resource res = resource; res != null; res = res.getParentResource()) {
getRoles(res, principals, roles);
}
if (roles.isEmpty()) {
return NO_ROLES;
}
return roles;
}
private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
if (resource.getType() == RESSOURCE_URL || resource.getType() == RESSOURCE_EJB) {
roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));
}
}
}
And an absolute simple Role Implementation:
package MY.security;
import weblogic.security.service.SecurityRole;
public class MYSecurityRoleImpl implements SecurityRole {
private String _roleName;
private String _description;
private int _hashCode;
public MYSecurityRoleImpl(String roleName, String description)
{
_roleName = roleName;
_description = description;
_hashCode = roleName.hashCode() + 17;
}
public boolean equals(Object secRole)
{
if (secRole == null)
{
return false;
}
if (this == secRole)
{
return true;
}
if (!(secRole instanceof MYSecurityRoleImpl))
{
return false;
}
MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl)secRole;
if (!_roleName.equals(anotherSecRole.getName()))
{
return false;
}
return true;
}
public String toString () { return _roleName; }
public int hashCode () { return _hashCode; }
public String getName () { return _roleName; }
public String getDescription () { return _description; }
}
来源:https://stackoverflow.com/questions/33020810/weblogic-providers