
Why does apache.commons.dbcp.BasicDataSource disable SSO in a MobileFirst adapter?

  •  0
  • farahm  · Tech community  · 7 years ago

    I am using the MobileFirst sample adapter for the UserLogin SecurityCheck. I want to implement single sign-on (SSO).

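    With the clean adapter downloaded from GitHub, SSO works fine. But I want to validate the credentials against a MySQL database. I noticed that as soon as I add the line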

    dataSource = new BasicDataSource();

    inside the validateCredentials method, SSO stops working:

        @Override
        protected boolean validateCredentials(Map<String, Object> credentials) {
            if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
                String username = credentials.get("username").toString();
                String password = credentials.get("password").toString();
    
                dataSource = new BasicDataSource(); //this line
    
                if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
                    ...
    

    I can still log in using this adapter, but SSO no longer works.

    Full adapter:

    adapter.xml :

    <?xml version="1.0" encoding="UTF-8"?>
    
    <mfp:adapter name="UserLogin"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:mfp="http://www.ibm.com/mfp/integration"
        xmlns:http="http://www.ibm.com/mfp/integration/http">
    
        <displayName>UserLogin</displayName>
        <description>Protect resources using a combination of username and password.</description>
    
        <securityCheckDefinition name="UserLogin" class="com.sample.UserLogin">
            <property name="maxAttempts" defaultValue="3" description="How many attempts are allowed" type="integer"/>
            <property name="blockedStateExpirationSec" defaultValue="10" description="How long before the client can try again (seconds)" type="integer"/>
            <property name="successStateExpirationSec" defaultValue="60" description="How long is a successful state valid for (seconds)" type="integer"/>
            <property name="rememberMeDurationSec" defaultValue="120" description="How long is the user remembered when using RememberMe (seconds)" type="integer"/>
        </securityCheckDefinition>
    
    </mfp:adapter>
    

    UserLogin.java :

    package com.sample;
    
    import com.ibm.mfp.security.checks.base.UserAuthenticationSecurityCheck;
    import com.ibm.mfp.server.registration.external.model.AuthenticatedUser;
    import org.apache.commons.dbcp.BasicDataSource;
    
    import java.util.HashMap;
    import java.util.Map;
    import java.sql.*;
    
    public class UserLogin extends UserAuthenticationSecurityCheck {
        private String userId, displayName;
        private String errorMsg;
        private boolean rememberMe = false;
        public BasicDataSource dataSource = null;
    
        @Override
        protected AuthenticatedUser createUser() {
            return new AuthenticatedUser(userId, displayName, this.getName());
        }
    
        @Override
        protected boolean validateCredentials(Map<String, Object> credentials) {
            if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
                String username = credentials.get("username").toString();
                String password = credentials.get("password").toString();
    
                dataSource = new BasicDataSource();
    
                if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
                    userId = username;
                    displayName = username;
    
                    //Optional RememberMe
                    if(credentials.containsKey("rememberMe") ){
                        rememberMe = Boolean.valueOf(credentials.get("rememberMe").toString());
                    }
                    errorMsg = null;
                    return true;
                }
                else {
                    errorMsg = "Wrong Credentials";
                }
            }
            else{
                errorMsg = "Credentials not set properly";
            }
            return false;
        }
    
        @Override
        protected Map<String, Object> createChallenge() {
            Map challenge = new HashMap();
            challenge.put("errorMsg",errorMsg);
            challenge.put("remainingAttempts",getRemainingAttempts());
            return challenge;
        }
    
        @Override
        protected boolean rememberCreatedUser() {
            return rememberMe;
        }
    }
    

    pom.xml :

    <?xml version="1.0" encoding="UTF-8"?>
    
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.sample</groupId>
        <artifactId>UserLogin</artifactId>
        <version>1.0-SNAPSHOT</version>
        <packaging>adapter</packaging>
        <name>UserLogin</name>
    
        <dependencies>
            <dependency>
                <groupId>com.ibm.mfp</groupId>
                <artifactId>adapter-maven-api</artifactId>
                <scope>provided</scope>
                <version>[8.0.0,9.0.0)</version>
            </dependency>
            <dependency>
                <groupId>com.ibm.mfp</groupId>
                <artifactId>mfp-security-checks-base</artifactId>
                <version>[8.0.0,9.0.0)</version>
            </dependency>
            <dependency>
                <groupId>mysql</groupId>
                <artifactId>mysql-connector-java</artifactId>
                <version>5.1.38</version>
            </dependency>
            <dependency>
                <groupId>commons-dbcp</groupId>
                <artifactId>commons-dbcp</artifactId>
                <version>1.2.2</version>
            </dependency>
            <dependency>
                <groupId>com.fasterxml.jackson.core</groupId>
                <artifactId>jackson-databind</artifactId>
                <version>2.9.4</version>
            </dependency>
        </dependencies>
    
        <properties>
            <!-- Use UTF-8 as the encoding of the adapter -->
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    
            <!-- parameters for deploy mfpf adapter -->
            <mfpfUrl>http://localhost:9080/mfpadmin</mfpfUrl>
            <mfpfUser>admin</mfpfUser>
            <mfpfPassword>admin</mfpfPassword>
            <mfpfRuntime>mfp</mfpfRuntime>
            <mfpfRuntime>mfp</mfpfRuntime>
        </properties>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>com.ibm.mfp</groupId>
                    <artifactId>adapter-maven-plugin</artifactId>
                    <extensions>true</extensions>
                </plugin>
            </plugins>
        </build>
    </project>
    
    1 answer  |  up to 7 years ago
  •  1
  •   Kavitha Varadarajan    7 years ago

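    Use the BasicDataSource as transient. Basically, when you implement an MFP security check, mark any objects that do not need to be part of the security check as transient, to ensure that they are not saved as part of the security check state.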
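
The effect described in the answer, as an added illustration that is not part of the original answer or of the MobileFirst sample: plain Java serialization stands in for the framework's state persistence (an assumption, since the page does not show the actual mechanism), and `PoolStandIn` is a hypothetical stand-in for `BasicDataSource`. It shows that an ordinary field drags the pool into the saved state and the save fails, while a `transient` field is skipped and has to be rebuilt lazily after the state is restored.

```java
import java.io.*;
public class TransientStateDemo {
    // Hypothetical stand-in for BasicDataSource: holds connection settings, not Serializable.
    static class PoolStandIn {
        final String url;
        PoolStandIn(String url) { this.url = url; }
    }

    // Mirrors the question's check: the pool is an ordinary field, so it becomes state.
    static class CheckWithPoolInState implements Serializable {
        String userId = "alice"; // constructed sample value
        PoolStandIn dataSource = new PoolStandIn("jdbc:mysql://db.example.invalid/app");
    }

    // Mirrors the answer: the pool is transient and rebuilt on demand.
    static class CheckWithTransientPool implements Serializable {
        String userId = "alice"; // constructed sample value
        private transient PoolStandIn dataSource;
        PoolStandIn pool() {
            if (dataSource == null) { // null again after every restore
                dataSource = new PoolStandIn("jdbc:mysql://db.example.invalid/app");
            }
            return dataSource;
        }
    }

    // Save and reload an object the way a state store would between requests.
    static Object roundTrip(Object state) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(state);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new CheckWithPoolInState());
        } catch (NotSerializableException e) {
            System.out.println("state not saved: " + e.getMessage());
        }
        CheckWithTransientPool check = new CheckWithTransientPool();
        check.pool(); // pool in use during the request
        CheckWithTransientPool restored = (CheckWithTransientPool) roundTrip(check);
        System.out.println("restored user=" + restored.userId + ", pool url=" + restored.pool().url);
    }
}
```

Keeping the pool out of the saved state also keeps the database connection settings it carries out of whatever store holds the security check state.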