从JBoss EAP 5.2.0迁移到JBoss EAP 6.1.0。用户被正确定向到login.jsp页面,但在通过j_security_check成功进行身份验证后,重定向到最初请求的Main.jsp页面不会发生,用户将被卡在login.jsp上。
日志看起来像Main.jsp最初保存为请求,但由于它被重定向到login.jsp,login.jsp将作为新请求保存在Main.jsp上。
与JBoss EAP 5.2.0的工作部署相比,我注意到工作日志包含:
[org.apache.catalina.connector.CoyoteAdapter](http-0.0.0.0-8443-1 :)请求的cookie会话ID是...... [org.apache.catalina.authenticator.AuthenticatorBase](http-0.0.0.0-8443-1 :)安全检查请求GET / myApp /
以下是JBoss EAP 6.1.0服务器输出:
Security checking request GET /myApp/
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /Main.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /Main.jsp --> true
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /Main.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /Main.jsp --> true
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling hasUserDataPermission()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) User data constraint already satisfied
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling authenticate()
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Save request in session 'Db-s0UWZpAj9Z0g1QBRcDkhe'
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/myApp].[jsp]] (http-localhost/127.0.0.1:8443-1) Disabling the response for futher output
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/myApp].[jsp]] (http-localhost/127.0.0.1:8443-1) The Response is vehiculed using a wrapper: org.apache.catalina.connector.Response
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Failed authenticate() test
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Security checking request GET /myApp/login.jsp
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /login.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /login.jsp --> true
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /login.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /login.jsp --> true
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling hasUserDataPermission()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) User data constraint already satisfied
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling authenticate()
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Save request in session 'Db-s0UWZpAj9Z0g1QBRcDkhe'
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/myApp].[jsp]] (http-localhost/127.0.0.1:8443-1) Disabling the response for futher output
[org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/myApp].[jsp]] (http-localhost/127.0.0.1:8443-1) The Response is vehiculed using a wrapper: org.apache.catalina.connector.Response
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Failed authenticate() test
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Security checking request GET /myApp/images/com_logo.jpg
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /images/com_logo.jpg --> true
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /images/com_logo.jpg --> true
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling hasUserDataPermission()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) User data constraint has no restrictions
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling accessControl()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking roles null
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Passing all access
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Successfully passed all security constraints
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Security checking request POST /myApp/j_security_check
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Authenticating username 'admin'
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Authentication of 'admin' was successful
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Redirecting to original '/myApp/login.jsp?accept=true'
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Failed authenticate() test ??/myApp/j_security_check
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Security checking request GET /myApp/login.jsp
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /login.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /login.jsp --> true
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /login.jsp --> false
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /login.jsp --> true
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling hasUserDataPermission()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) User data constraint already satisfied
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling authenticate()
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Restore request from session 'Db-s0UWZpAj9Z0g1QBRcDkhe'
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Authenticated 'admin' with type 'FORM'
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Proceed to restored request
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling accessControl()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking roles GenericPrincipal[admin(HttpInvoker,AppRole,)]
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) JBWEB000017: User [admin] has role [AppRole]
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Role found: AppRole
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Successfully passed all security constraints
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Security checking request GET /myApp/images/com_logo.jpg
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[sc]' against GET /images/com_logo.jpg --> true
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking constraint 'SecurityConstraint[all]' against GET /images/com_logo.jpg --> true
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling hasUserDataPermission()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) User data constraint has no restrictions
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Calling accessControl()
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Checking roles GenericPrincipal[admin(HttpInvoker,AppRole,)]
[org.apache.catalina.realm] (http-localhost/127.0.0.1:8443-1) Passing all access
[org.apache.catalina.authenticator] (http-localhost/127.0.0.1:8443-1) Successfully passed all security constraints
的web.xml:
<security-constraint>
<display-name>un-protected</display-name>
<web-resource-collection>
<web-resource-name>sc</web-resource-name>
<description>My Resources</description>
<url-pattern>/login-redirect.html</url-pattern>
<url-pattern>/images/app_logo.jpg</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>protected</display-name>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<description>all</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>Users authorized to use MyApp.</description>
<role-name>MyRole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>My Realm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?loginFailed=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>MyRole</role-name>
</security-role>
我还在服务器日志中注意到以下内容:
DEBUG [org.jboss.security] (http-localhost/127.0.0.1:8443-1) PBOX000287: Failed to open properties file from URL: java.net.MalformedURLException: no protocol: /opt/web/jboss/jboss-eap-6.2/standalone/configuration/my-app-users.properties
我能够让它重定向,但不太确定为什么它在JBoss 5和6 EAP之间有所不同。我的登录最初提示用户提供通知表单,用户必须接受登录表单(均包含在login.jsp中)。通知表格包含:
<form action="login.jsp">
<input type="hidden" name="accept" value="true"/>
<div align="center"><input type="submit" value="Accept"></div>
</form>
将操作更改为“/ [my_apps_base_url&gt;] /”可使其正常工作。