How to use WAFFLE for SSO with a standalone Java client

Question description  Votes: 2  Answers: 3

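We are trying to use WAFFLE for SSO through a standalone Java client with JAAS. We specified waffle.jaas.WindowsLoginModule in jaas.conf, but it prompts for a username and password, which we think is not an ideal solution for SSO. Can anyone suggest how to avoid this?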

FYI - we are not using any web/application server.

java kerberos jaas waffle kerberos-delegation
3 Answers
1
votes

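I believe you need a server and a client for SSO. You can take a look at this example, which does not use the login module, but instead uses the underlying WindowsSecurityContext class included in WAFFLE to pass Kerberos tokens back and forth to obtain the logged-in user.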
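The token exchange this answer describes, as an added example that is not part of the original answer or the linked example. It assumes Windows, a recent WAFFLE/JNA release (where `setCredentialsHandle` takes an `IWindowsCredentialsHandle` and `SspiUtil.ManagedSecBufferDesc` exists), and runs the client and server sides in one process with the current user as target name; the class name `NegotiateRoundTrip` is hypothetical.

```java
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.SspiUtil.ManagedSecBufferDesc;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.impl.WindowsAccountImpl;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

public class NegotiateRoundTrip {
  public static void main(String[] args) {
    final String securityPackage = "Negotiate";
    // Assumption: the "server" side runs as the current user, so that name is the target.
    final String targetName = WindowsAccountImpl.getCurrentUsername();
    IWindowsCredentialsHandle clientCredentials = null;
    WindowsSecurityContextImpl clientContext = null;
    IWindowsSecurityContext serverContext = null;
    try {
      // Client side: use the credentials of the logged-on user (no password prompt).
      clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
      clientCredentials.initialize();
      clientContext = new WindowsSecurityContextImpl();
      clientContext.setPrincipalName(targetName);
      clientContext.setCredentialsHandle(clientCredentials);
      clientContext.setSecurityPackage(securityPackage);
      clientContext.initialize(null, null, targetName);

      WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
      do {
        if (serverContext != null) {
          // Feed the server's reply token back into the client context.
          Sspi.SecBufferDesc reply =
              new ManagedSecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
          clientContext.initialize(clientContext.getHandle(), reply, targetName);
        }
        // Server side: validate the client's token; the identity comes from this step.
        serverContext = provider.acceptSecurityToken(
            "server-connection", clientContext.getToken(), securityPackage);
      } while (clientContext.isContinue());

      IWindowsIdentity identity = serverContext.getIdentity();
      System.out.println("Authenticated as " + identity.getFqn());
      identity.dispose();
    } finally {
      if (serverContext != null) serverContext.dispose();
      if (clientContext != null) clientContext.dispose();
      if (clientCredentials != null) clientCredentials.dispose();
    }
  }
}
```

In a real deployment the two halves live in separate processes and the byte arrays travel over the application's own transport; the server trusts only the identity returned by `acceptSecurityToken`, never a user name sent by the client.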


0
votes

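Here are the steps for single sign-on using a standalone Java client.

1. Create the client credentials.
2. Use initializeSecurityContext of WindowsSecurityContextImpl to get the service ticket.
3. Use accessSecurityContext of WindowsAuthProviderImpl to get the WindowsIdentity.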

Below is the link, followed by the code. https://exceptionshub.com/getting-kerberos-service-ticket-using-waffle-in-java.html

    import com.sun.jna.platform.win32.Sspi;
    import waffle.windows.auth.IWindowsCredentialsHandle;
    import waffle.windows.auth.IWindowsIdentity;
    import waffle.windows.auth.IWindowsSecurityContext;
    import waffle.windows.auth.impl.WindowsAccountImpl;
    import waffle.windows.auth.impl.WindowsAuthProviderImpl;
    import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
    import waffle.windows.auth.impl.WindowsSecurityContextImpl;

    public class KerberosSingleSignOn {
      public static void main(String[] args) {
        try {
          System.out.println(getWindowsIdentity().getFqn());
        }
        catch (Exception e) {
          e.printStackTrace();
        }
      }

      public static IWindowsIdentity getWindowsIdentity() throws Exception {
        try {
          byte[] kerberosToken = getServiceTicketSSPI();
          WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
          IWindowsSecurityContext securityContext = provider
            .acceptSecurityToken("client-connection", kerberosToken, "Kerberos");
          return securityContext.getIdentity();
        }
        catch (Exception e) {
          // Keep the original exception as the cause so the SSPI error is not lost
          throw new Exception("Failed to process kerberos token", e);
        }
      }

      public static byte[] getServiceTicketSSPI() throws Exception {
        final String securityPackage = "Kerberos";
        final String targetName = "<disclosed>";
        IWindowsCredentialsHandle clientCredentials = null;
        WindowsSecurityContextImpl clientContext = null;
        final String currentUser = WindowsAccountImpl.getCurrentUsername();
        try {
          clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
          clientCredentials.initialize();
          // initial client security context
          clientContext = new WindowsSecurityContextImpl();
          clientContext.setPrincipalName(currentUser);
          clientContext.setCredentialsHandle(clientCredentials.getHandle());
          /*OR 
           clientContext.setCredentialsHandle(clientCredentials);
           */
          clientContext.setSecurityPackage(securityPackage);
          final Sspi.SecBufferDesc continueToken = null;
          do {
            System.out.println("Using target name: " + targetName);
            clientContext.initialize(clientContext.getHandle(), continueToken, targetName);
          }
          while (clientContext.isContinue());

          return clientContext.getToken();
        }
        catch (Exception e) {
          // Keep the original exception as the cause so the SSPI error is not lost
          throw new Exception("Failed to process kerberos token", e);
        }
        finally {
          if (clientContext != null)
            clientContext.dispose();
          if (clientCredentials != null)
            clientCredentials.dispose();
        }
      }
    }

-1
votes

Instead of using Waffle and making it complicated, you can simply use System.getProperty("user.name"), which will give you the username.
