我正在使用 MobileFirstUserLogin示例适配器进行安全检查。我想实现单点登录 (SSO(
使用从Github下载的干净适配器,SSO工作正常。但是我想针对 mysql 数据库验证凭据。我注意到,只要我添加该行
dataSource = new BasicDataSource();
在validateCredentials方法中,SSO停止工作:
@Override
protected boolean validateCredentials(Map<String, Object> credentials) {
if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
String username = credentials.get("username").toString();
String password = credentials.get("password").toString();
dataSource = new BasicDataSource(); //this line
if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
...
我仍然可以使用此适配器登录,但 SSO 不再起作用。
完整适配器:
adapter.xml:
<?xml version="1.0" encoding="UTF-8"?>
<mfp:adapter name="UserLogin"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mfp="http://www.ibm.com/mfp/integration"
xmlns:http="http://www.ibm.com/mfp/integration/http">
<displayName>UserLogin</displayName>
<description>Protect resources using a combination of username and password.</description>
<securityCheckDefinition name="UserLogin" class="com.sample.UserLogin">
<property name="maxAttempts" defaultValue="3" description="How many attempts are allowed" type="integer"/>
<property name="blockedStateExpirationSec" defaultValue="10" description="How long before the client can try again (seconds)" type="integer"/>
<property name="successStateExpirationSec" defaultValue="60" description="How long is a successful state valid for (seconds)" type="integer"/>
<property name="rememberMeDurationSec" defaultValue="120" description="How long is the user remembered when using RememberMe (seconds)" type="integer"/>
</securityCheckDefinition>
</mfp:adapter>
UserLogin.java:
package com.sample;
import com.ibm.mfp.security.checks.base.UserAuthenticationSecurityCheck;
import com.ibm.mfp.server.registration.external.model.AuthenticatedUser;
import org.apache.commons.dbcp.BasicDataSource;
import java.util.HashMap;
import java.util.Map;
import java.sql.*;
public class UserLogin extends UserAuthenticationSecurityCheck {
private String userId, displayName;
private String errorMsg;
private boolean rememberMe = false;
public BasicDataSource dataSource = null;
@Override
protected AuthenticatedUser createUser() {
return new AuthenticatedUser(userId, displayName, this.getName());
}
@Override
protected boolean validateCredentials(Map<String, Object> credentials) {
if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
String username = credentials.get("username").toString();
String password = credentials.get("password").toString();
dataSource = new BasicDataSource();
if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
userId = username;
displayName = username;
//Optional RememberMe
if(credentials.containsKey("rememberMe") ){
rememberMe = Boolean.valueOf(credentials.get("rememberMe").toString());
}
errorMsg = null;
return true;
}
else {
errorMsg = "Wrong Credentials";
}
}
else{
errorMsg = "Credentials not set properly";
}
return false;
}
@Override
protected Map<String, Object> createChallenge() {
Map challenge = new HashMap();
challenge.put("errorMsg",errorMsg);
challenge.put("remainingAttempts",getRemainingAttempts());
return challenge;
}
@Override
protected boolean rememberCreatedUser() {
return rememberMe;
}
}
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.sample</groupId>
<artifactId>UserLogin</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>adapter</packaging>
<name>UserLogin</name>
<dependencies>
<dependency>
<groupId>com.ibm.mfp</groupId>
<artifactId>adapter-maven-api</artifactId>
<scope>provided</scope>
<version>[8.0.0,9.0.0)</version>
</dependency>
<dependency>
<groupId>com.ibm.mfp</groupId>
<artifactId>mfp-security-checks-base</artifactId>
<version>[8.0.0,9.0.0)</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.4</version>
</dependency>
</dependencies>
<properties>
<!-- Use UTF-8 as the encoding of the adapter -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- parameters for deploy mfpf adapter -->
<mfpfUrl>http://localhost:9080/mfpadmin</mfpfUrl>
<mfpfUser>admin</mfpfUser>
<mfpfPassword>admin</mfpfPassword>
<mfpfRuntime>mfp</mfpfRuntime>
<mfpfRuntime>mfp</mfpfRuntime>
</properties>
<build>
<plugins>
<plugin>
<groupId>com.ibm.mfp</groupId>
<artifactId>adapter-maven-plugin</artifactId>
<extensions>true</extensions>
</plugin>
</plugins>
</build>
</project>
使用 BasicDataSource 作为瞬态数据源。基本上,当您实施MFP安全检查时,任何不需要作为安全检查一部分的对象都会将它们标记为暂时性,以确保它不会作为安全检查状态的一部分保存。