ibm-mobilefirst - 为什么 apache.commons.dbcp.BasicDataSource 在 MobileFirst 适配器中禁用 SSO?
问题描述
我将 MobileFirstUserLogin示例适配器用于 SecurityCheck。我想实现单点登录 (SSO)
使用从 Github 下载的干净适配器,SSO 可以正常工作。但我想根据 mysql 数据库验证凭据。我注意到,只要我添加该行
dataSource = new BasicDataSource();
在validateCredentials方法中,SSO停止工作:
@Override
protected boolean validateCredentials(Map<String, Object> credentials) {
if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
String username = credentials.get("username").toString();
String password = credentials.get("password").toString();
dataSource = new BasicDataSource(); //this line
if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
...
我仍然可以使用此适配器登录,但 SSO 不再起作用。
完整的适配器:
adapter.xml:
<?xml version="1.0" encoding="UTF-8"?>
<mfp:adapter name="UserLogin"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mfp="http://www.ibm.com/mfp/integration"
xmlns:http="http://www.ibm.com/mfp/integration/http">
<displayName>UserLogin</displayName>
<description>Protect resources using a combination of username and password.</description>
<securityCheckDefinition name="UserLogin" class="com.sample.UserLogin">
<property name="maxAttempts" defaultValue="3" description="How many attempts are allowed" type="integer"/>
<property name="blockedStateExpirationSec" defaultValue="10" description="How long before the client can try again (seconds)" type="integer"/>
<property name="successStateExpirationSec" defaultValue="60" description="How long is a successful state valid for (seconds)" type="integer"/>
<property name="rememberMeDurationSec" defaultValue="120" description="How long is the user remembered when using RememberMe (seconds)" type="integer"/>
</securityCheckDefinition>
</mfp:adapter>
UserLogin.java:
package com.sample;
import com.ibm.mfp.security.checks.base.UserAuthenticationSecurityCheck;
import com.ibm.mfp.server.registration.external.model.AuthenticatedUser;
import org.apache.commons.dbcp.BasicDataSource;
import java.util.HashMap;
import java.util.Map;
import java.sql.*;
public class UserLogin extends UserAuthenticationSecurityCheck {
private String userId, displayName;
private String errorMsg;
private boolean rememberMe = false;
public BasicDataSource dataSource = null;
@Override
protected AuthenticatedUser createUser() {
return new AuthenticatedUser(userId, displayName, this.getName());
}
@Override
protected boolean validateCredentials(Map<String, Object> credentials) {
if(credentials!=null && credentials.containsKey("username") && credentials.containsKey("password")){
String username = credentials.get("username").toString();
String password = credentials.get("password").toString();
dataSource = new BasicDataSource();
if(!username.isEmpty() && !password.isEmpty() && username.equals(password)) {
userId = username;
displayName = username;
//Optional RememberMe
if(credentials.containsKey("rememberMe") ){
rememberMe = Boolean.valueOf(credentials.get("rememberMe").toString());
}
errorMsg = null;
return true;
}
else {
errorMsg = "Wrong Credentials";
}
}
else{
errorMsg = "Credentials not set properly";
}
return false;
}
@Override
protected Map<String, Object> createChallenge() {
Map challenge = new HashMap();
challenge.put("errorMsg",errorMsg);
challenge.put("remainingAttempts",getRemainingAttempts());
return challenge;
}
@Override
protected boolean rememberCreatedUser() {
return rememberMe;
}
}
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.sample</groupId>
<artifactId>UserLogin</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>adapter</packaging>
<name>UserLogin</name>
<dependencies>
<dependency>
<groupId>com.ibm.mfp</groupId>
<artifactId>adapter-maven-api</artifactId>
<scope>provided</scope>
<version>[8.0.0,9.0.0)</version>
</dependency>
<dependency>
<groupId>com.ibm.mfp</groupId>
<artifactId>mfp-security-checks-base</artifactId>
<version>[8.0.0,9.0.0)</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.38</version>
</dependency>
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.2.2</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.9.4</version>
</dependency>
</dependencies>
<properties>
<!-- Use UTF-8 as the encoding of the adapter -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<!-- parameters for deploy mfpf adapter -->
<mfpfUrl>http://localhost:9080/mfpadmin</mfpfUrl>
<mfpfUser>admin</mfpfUser>
<mfpfPassword>admin</mfpfPassword>
<mfpfRuntime>mfp</mfpfRuntime>
<mfpfRuntime>mfp</mfpfRuntime>
</properties>
<build>
<plugins>
<plugin>
<groupId>com.ibm.mfp</groupId>
<artifactId>adapter-maven-plugin</artifactId>
<extensions>true</extensions>
</plugin>
</plugins>
</build>
</project>
解决方案
使用 BasicDataSource 作为瞬态。基本上,当您实施 MFP 安全检查时,您不需要作为安全检查一部分的任何对象,将它们标记为瞬态以确保它不会被保存为安全检查状态的一部分。
推荐阅读
- python - 如何使用 Pearson 1-r 作为距离度量在 Python 中运行 kmeans 集群?
- postgresql - 使用 Ansible 运行 Postgres 容器
- php - .htaccess 错误(ERR_TOO_MANY_REDIRECTS)
- matlab - 使用 2D 二值图像绘制具有固定高度的表面仅部分有效
- flutter - 没有为“_MyAppState”类型定义方法“Amplify”。-颤振放大
- c++ - std::any std::unique_ptr 不起作用?
- r - 如何在R中导出具有不同工作表的excel文件?
- sql - 将数据放入 WHERE 子句条件而不获取它 | 并删除左连接查询中的重复项
- java - 将带有片段的 Tablayout 作为子片段嵌套在导航抽屉中的片段内
- amazon-web-services - Spring Cloud 应用程序无法连接到 AWS Kinesis 'dynamoDBClient' 不能为空