从内存读取JAAS配置文件的任何方法

你可以实现你自己的 Configuration . JavaDoc说:

默认配置 可通过以下方式更改实现: 设置的值 “login.configuration.provider” 安全属性(在Java中) 安全属性文件)。 所需的限定名 配置实现类。

默认实现 com.sun.security.auth.login.ConfigFile (source) 每次实例化类时都会加载该文件。您可以缓存内容。对安全方面也没有任何评论。

下面的代码片段连接到一个PostgreSQL数据库(使用pgjdbc和hikaricp),该数据库具有内存中的JAAS配置,即,否 Configuration 需要文件:

package com.vlkan.kerberos.auth;

import com.google.common.collect.ImmutableMap;
import com.zaxxer.hikari.HikariConfig;
import com.zaxxer.hikari.HikariDataSource;

import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import java.util.Properties;

import static com.google.common.base.Preconditions.checkArgument;

public enum Main {;

    private static final String JAAS_CONFIG_NAME = "pgjdbc";

    public static void main(String[] args) throws LoginException, SQLException {

        String jdbcUrl = "jdbc:postgresql://host/dbname";
        String jdbcDriver = "org.postgresql.Driver";
        String username = "user";
        String password = "pass";

        Configuration jaasConfig = createJaasConfig();
        Configuration.setConfiguration(jaasConfig);

        HikariConfig hikariConfig = createHikariConfig(jdbcUrl, jdbcDriver, username, password);
        HikariDataSource dataSource = new HikariDataSource(hikariConfig);
        try (Connection connection = dataSource.getConnection()) {
            try (PreparedStatement statement = connection.prepareStatement("SELECT 1")) {
                try (ResultSet resultSet = statement.executeQuery()) {
                    boolean next = resultSet.next();
                    checkArgument(next, "no results");
                    int result = resultSet.getInt(1);
                    checkArgument(result == 1, "expecting: 1, found: %s", result);
                    System.out.println("ok");
                }
            }
        }

    }

    private static HikariConfig createHikariConfig(String jdbcUrl, String jdbcDriver, String username, String password) {
        HikariConfig config = new HikariConfig();
        config.setDriverClassName(jdbcDriver);
        config.setJdbcUrl(jdbcUrl);
        config.setUsername(username);
        config.setPassword(password);
        fixKerberosProperties(config, username, password);
        return config;
    }

    private static void fixKerberosProperties(HikariConfig config, String username, String password) {
        Properties properties = new Properties();
        properties.setProperty("user", username);
        properties.setProperty("password", password);
        properties.setProperty("JAASConfigName", JAAS_CONFIG_NAME);
        config.setDataSourceProperties(properties);
    }

    private static Configuration createJaasConfig() {

        // Create entry options.
        Map<String, Object> options = ImmutableMap.of(
                "useFirstPass", "false",    // Do *not* use javax.security.auth.login.{name,password} from shared state.
                "debug", "true"             // Output debug (including plain text username and password!) messages.
        );

        // Create entries.
        AppConfigurationEntry[] entries = {
                new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        options)
        };

        // Create configuration.
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                checkArgument(JAAS_CONFIG_NAME.equals(name));
                return entries;
            }
        };

    }

}