Interstage Application Server シングル・サインオン運用ガイド


5.1.2 プログラムの開発

 ここでは、シングル・サインオンJavaAPIを利用するプログラムの開発を行います。シングル・サインオンJavaAPIはJAASのフレームワークを利用しています。ここではサンプルコードISSsoJaas.javaの例を用いて処理を説明します。このサンプルコードは、画面から入力したユーザID/パスワードで認証サーバに対して認証を行い、セキュリティポリシーに従ってJAASの認可を行うアプリケーションです。

image

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.fujitsu.interstage.sso.auth.ISAuthenticationCredential;
import com.fujitsu.interstage.sso.auth.ISAuthorizationCredential;
import com.fujitsu.interstage.sso.auth.callback.ISCallbackHandler;

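/**
 * Sample that authenticates a user against the Interstage single sign-on
 * authentication server through the JAAS framework and then runs a
 * privileged action as the authenticated {@link Subject}.
 *
 * <p>The user ID and password are read from standard input. The password is
 * kept in a {@code char[]} rather than a {@code String} so that every copy
 * can be overwritten once the login attempt is over.
 */
public class ISSsoJaas{
  /** Upper bound on the number of password characters accepted from the prompt. */
  private static final int PASSWORD_MAX_LENGTH = 128;
  /** Number of interactive attempts {@link #login()} makes before giving up. */
  private static final int MAX_ATTEMPTS = 3;
  /** Name of the JAAS login configuration entry for Interstage single sign-on. */
  private static final String LOGIN_CONFIG_NAME = "com.fujitsu.interstage.sso";

  /** Populated by a successful {@link #login()}; read by {@link #authorize()}. */
  private final Subject subject;

  /** Creates the sample with an empty subject. */
  public ISSsoJaas(){
    subject = new Subject();
  }

  /**
   * Prompts for a user ID and password on standard input and authenticates
   * them with the single sign-on authentication server.
   *
   * <p>Up to {@link #MAX_ATTEMPTS} attempts are made. A wrong user ID or
   * password ({@link FailedLoginException}) only consumes one attempt; any
   * other {@link LoginException} (for example a configuration problem) is
   * propagated to the caller. If standard input is closed the method stops
   * immediately instead of retrying on empty input.
   *
   * @return {@code true} when authentication succeeded and {@link #subject}
   *         now holds the user's credentials, {@code false} when every
   *         attempt failed or standard input reached end of file
   * @throws Exception on an I/O error or a login error other than a failed
   *         authentication
   */
  public boolean login() throws Exception{
    // Not closed on purpose: closing the reader would close System.in itself.
    BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
    for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
      // username is set from prompt
      System.out.print("UserName=");
      String username = reader.readLine();
      if (username == null) {
        // End of file on standard input: no further input can arrive.
        return false;
      }
      // password is set from prompt, directly into a char[] (no String copy)
      System.out.print("Password=");
      char[] buffer = new char[PASSWORD_MAX_LENGTH];
      char[] password = null;
      try{
        int length = readLineInto(reader, buffer);
        if (length < 0) {
          return false;
        }
        if (length > buffer.length) {
          // The rest of the line was discarded; never authenticate with a
          // silently truncated password.
          System.out.println("Password too long");
          continue;
        }
        password = new char[length];
        System.arraycopy(buffer, 0, password, 0, length);
        // callback is created here by userid and password
        // Instantiate the CallbackHandler (5.1.2.1)
        CallbackHandler myHandler = new ISCallbackHandler(username, password);
        // Instantiate the LoginContext (5.1.2.2)
        LoginContext loginContext = new LoginContext(
            LOGIN_CONFIG_NAME, subject, myHandler);
        // Call the login method of the LoginContext (5.1.2.3)
        loginContext.login();
        return true;
      }
      catch(FailedLoginException ex){
        // Wrong user ID or password: report it and allow another attempt.
        System.out.println("Authenticate failed");
      }
      finally {
        // Overwrite every copy of the password, whatever path left the block.
        Arrays.fill(buffer, ' ');
        if (password != null) {
          Arrays.fill(password, ' ');
        }
      }
    }
    return false;
  }

  /**
   * Reads one line from {@code reader} into {@code buffer} without ever
   * building a {@code String}, so the characters can be erased afterwards.
   *
   * <p>{@code '\n'} ends the line and any {@code '\r'} is dropped, so both
   * LF and CR LF line ends work regardless of {@code line.separator}.
   * Characters beyond the end of {@code buffer} are read and discarded so
   * that the next prompt starts on a fresh line.
   *
   * @param reader source of characters
   * @param buffer receives at most {@code buffer.length} characters
   * @return the number of characters in the line, which is larger than
   *         {@code buffer.length} when the line did not fit, or -1 when the
   *         stream was already at end of file
   * @throws IOException if reading fails
   */
  private static int readLineInto(BufferedReader reader, char[] buffer) throws IOException {
    int length = 0;
    int ch = reader.read();
    if (ch == -1) {
      return -1;
    }
    while (ch != -1 && ch != '\n') {
      if (ch != '\r') {
        if (length < buffer.length) {
          buffer[length] = (char) ch;
        }
        length++;
      }
      ch = reader.read();
    }
    return length;
  }

  /**
   * Prints the credentials and principals that {@link #login()} placed in
   * the subject, then executes {@link ISSsoAction} as that subject.
   *
   * <p>The encrypted credential values printed here are the single sign-on
   * tokens themselves; they are displayed only to demonstrate the API and a
   * real application should not write them to its output or logs.
   */
  public void authorize(){
    System.out.println("\n" + "*** Credential Information ***");
    // get privateCredential Set
    // Obtain the user information (5.1.2.4)
    Set credentials = subject.getPrivateCredentials();
    // display credential information
    Iterator iterator = credentials.iterator();
    while (iterator.hasNext()) {
      Object credential = iterator.next();
      // Both checks are independent: a credential matching both types is
      // printed by both helpers, as in the original sample.
      // this credential identify Authentication server
      if (credential instanceof ISAuthenticationCredential){
        printAuthenticationCredential((ISAuthenticationCredential) credential);
      }
      // this credential identify login user
      if (credential instanceof ISAuthorizationCredential){
        printAuthorizationCredential((ISAuthorizationCredential) credential);
      }
    }
    System.out.println("\n" + "*** Principals Information ***");
    // display principal information
    Iterator principalIterator = subject.getPrincipals().iterator();
    while (principalIterator.hasNext()) {
      Principal principal = (Principal) principalIterator.next();
      System.out.println("Principal=" + principal.getName());
    }
    System.out.println("\n" + "*** Execute PrivilegedAction ***");
    // Privileged operation executed with the authenticated user's authority.
    // Execute the authorization (5.1.2.5); doAs is static, so call it on the class.
    PrivilegedAction myAction = new ISSsoAction();
    Subject.doAs(subject, myAction);
  }

  /** Prints the fields of the credential that identifies the authentication server. */
  private static void printAuthenticationCredential(ISAuthenticationCredential isCredential) {
    System.out.println("AuthenticationCredential=" +
            isCredential.getEncryptedCredential());
  }

  /** Prints the fields of the credential that identifies the logged-in user. */
  private static void printAuthorizationCredential(ISAuthorizationCredential isCredential) {
    System.out.println("AuthorizationCredential=" +
            isCredential.getEncryptedCredential());
    System.out.println("Dn=" + isCredential.getDN());
    System.out.println("Uid=" + isCredential.getUID());
    // Roles and extra data may be absent; the sample prints nothing for them then.
    Set roles = isCredential.getRoles();
    if (roles != null) {
      Iterator ite = roles.iterator();
      while (ite.hasNext()) {
        System.out.println("Role=" + ite.next());
      }
    }
    System.out.println("ClientAddress=" +
      isCredential.getClientAddress());
    System.out.println("AuthMethod=" +
      isCredential.getAuthMethod());
    System.out.println("AuthTime=" + isCredential.getAuthTime());
    System.out.println("Expiration=" +
      isCredential.getExpiration());
    Map extras = isCredential.getExtraData();
    if (extras != null) {
      Iterator ite = extras.entrySet().iterator();
      while (ite.hasNext()) {
        Map.Entry entry = (Map.Entry) ite.next();
        System.out.println(entry.getKey() + "=" + entry.getValue());
      }
    }
  }

  /**
   * Entry point: logs in interactively and, on success, shows the subject's
   * information and runs the privileged action.
   *
   * @param args ignored
   */
  public static void main(String[] args) {
    ISSsoJaas sample = new ISSsoJaas();
    try{
      if (sample.login()) {
        sample.authorize();
      }
      else{
        System.out.println("Login failed");
      }
    }
    catch(Exception ex){
      // Sample only: a real application would report this through its logger.
      ex.printStackTrace();
    }
  }
}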


下へ5.1.2.1 CallbackHandlerのインスタンス化
下へ5.1.2.2 LoginContextのインスタンス化
下へ5.1.2.3 LoginContextのloginメソッドの呼び出し
下へ5.1.2.4 利用者情報の取得
下へ5.1.2.5 認可の実行


All Rights Reserved, Copyright(C) 富士通株式会社 2003