JAAS自定义LoginModule

时间:2014-06-12 00:55:08

标签: java rest ejb jaas

我正在尝试编写我的服务器LoginModule,以便在我的REST服务中使用基本授权。为此我做了以下:

  1. 我编写了自己的LoginModule,名为QuarkLoginModule。
  2. 在web.xml中添加了以下代码段:

    <security-role>
        <role-name>researcher</role-name>
    </security-role>
    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>Schedule</web-resource-name>
            <url-pattern>/ws/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>researcher</role-name>
        </auth-constraint>
        <user-data-constraint>
             <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>quark</realm-name>
    </login-config>
    
  3. 在/ejb/src/main/resources/META-INF/login.config中创建文件,内容如下:

    quark {
    edu.quark.auth.QuarkLoginModule required debug=true;
    }
    
  4. 将以下JBoss运行时配置添加到VM参数部分:

    "-Djava.security.auth.login.config=/home/desertfox/Dresden/cbse/quark/ams-quark-1/ejb/src/main/resources/META-INF/login.config" 
    
  5. 将以下代码段添加到standalone.xml:

    <security-domain name="quark" cache-type="default">
        <authentication>
            <login-module code="edu.quark.auth.QuarkLoginModule" flag="sufficient">
                <module-option name="roles" value="researcher"/>
                <module-option name="realm" value="quark"/>
            </login-module>                           
        </authentication>                                 
    </security-domain>  
    
  6. 但是我没有调用我的LoginModule,而是一直收到有关错误名称/密码的错误消息。我得到以下例外:

    02:43:44,825 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.7.Final.jar:4.0.7.Final]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_21]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_21]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_21]
        at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_21]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_21]
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_21]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
        at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
        at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]
        at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
        at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_21]
    

    正如我所看到的,一些默认的名为UsersRolesLoginModule

    ,而不是我的模块

    请告诉我,我还能尝试一下吗?

1 个答案:

答案 0 :(得分:1)

也许您没有设置正确的安全域&#34;夸克&#34;?这可以使用jboss-web.xml或使用org.jboss.ejb3.annotation.SecurityDomain注释来完成。

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd"
           version="7.1">
    <context-root>/ctxroot</context-root>
    <security-domain>quark</security-domain>
</jboss-web>