JBoss 6中的DatabaseServerLoginModule登录问题

时间:2012-07-03 20:14:18

标签: java-ee login jboss jboss6.x jaas

当我尝试使用ServeletException: Failed to authenticate a principal登录时,我收到了 DatabaseServerLoginModule 。我猜这个问题是密码写入db的方式还是不正确的rolesQuery。我当然可以使用有关如何排除故障的建议。这是我的设置:

登录-config.xml中 

<application-policy name = "Avengers">
  <authentication>
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
       <module-option name = "dsJndiName">java:/jdbc/thor_ds</module-option>
       <module-option name = "principalsQuery">SELECT password FROM usertable WHERE username = ?</module-option>
       <module-option name="rolesQuery" value="SELECT groupid, 'Roles' FROM grouptable WHERE username=?" />
       <!--<module-option name="rolesQuery" value="SELECT gt.groupid as 'userRoles', gt.groupid as 'Roles' FROM grouptable as gt WHERE username=?" />-->
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>

的JBoss-web.xml中 

<jboss-web>
  <context-root>/Avengers</context-root>
  <security-domain>java:/jaas/Avengers</security-domain>
</jboss-web>

的MySQL-init.sql 

create table usertable (
    username varchar(128) NOT NULL PRIMARY KEY,
    password varchar(128) NOT NULL,
    email varchar(128) NOT NULL,
    firstname varchar(128) NOT NULL,
    lastname varchar(128) NOT NULL
);

create table grouptable(
    username varchar(128) NOT NULL,
    groupid  varchar(128) NOT NULL,
    CONSTRAINT GROUP_PK PRIMARY KEY(username, groupid),
    CONSTRAINT USER_FK FOREIGN KEY(username) REFERENCES usertable(username)
        ON DELETE CASCADE ON UPDATE RESTRICT
);

insert into usertable(username,password,email,firstname,lastname) 
    values ('admin', '21232f297a57a5a743894a0e4a801fc3','','','');
insert into grouptable(username,groupid) values ('admin', 'USER');
insert into grouptable(username,groupid) values ('admin', 'ADMIN');

web.xml

的摘录 
<security-constraint>
    <display-name>Admin</display-name>
    <web-resource-collection>
        <web-resource-name>Admin Views</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>Compass Web</display-name>
    <web-resource-collection>
        <web-resource-name>Monitoring Module</web-resource-name>
        <url-pattern>/monitor/*</url-pattern>
    </web-resource-collection>
    <web-resource-collection>
        <web-resource-name>Core Web Module</web-resource-name>
        <url-pattern>/main/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>USER</role-name>
        <role-name>ADMIN</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>
    <display-name>Login</display-name>
    <web-resource-collection>
        <web-resource-name>Login Pages</web-resource-name>
        <url-pattern>/login/*</url-pattern>
    </web-resource-collection>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>avengers</realm-name>
    <form-login-config>
        <form-login-page>/login/login.xhtml</form-login-page>
        <form-error-page>/login/error.xhtml</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>ADMIN</role-name>
</security-role>
<security-role>
    <description/>
    <role-name>USER</role-name>
</security-role>

我的UserBean.login()

public String login() {

    System.out.println("user "+username+" is attempting to login...");

    FacesContext context = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
    try {
        request.login(this.username, this.password);
        this.cUser = Utils.getEntityManager().find(MyUser.class, username);
        System.out.println("User "+username+" successfully logged in...");
    } catch (ServletException e) {
        // Handle unknown username/password in request.login().
        context.addMessage(null, new FacesMessage("Invalid Login Credentials"));
        System.err.println("Invalid Login Credentials");
        e.printStackTrace();

        return "/login/error.xhtml";
    }

    return "/main/index.xhtml";
}

1 个答案:

答案 0 :(得分:3)

我能够在jboss as forums上获得帮助。我的解决方案是修改rolesQuery的标记:

<module-option name="rolesQuery" 
    value="SELECT groupid, 'Roles' FROM grouptable WHERE username=?" />

到此:

<module-option name="rolesQuery">
   SELECT groupid, 'Roles' FROM grouptable WHERE username=?
</module-option>

我还必须将编码样式更改为 HEX 。这是我的 login-config.xml 

<application-policy name="Avengers">
    <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
          <module-option name="dsJndiName">java:/jdbc/thor_ds</module-option>
          <module-option name="principalsQuery">SELECT password FROM usertable WHERE username = ?</module-option>
          <module-option name="rolesQuery">SELECT groupid, 'Roles' FROM grouptable WHERE username=?</module-option>
          <module-option name="hashAlgorithm">MD5</module-option>
          <module-option name="hashEncoding">HEX</module-option>
          <!--<module-option name="hashEncoding">base64</module-option>-->
       </login-module>
    </authentication>
 </application-policy>
相关问题
最新问题