我通过BASIC方法身份验证成功登录,我想将我的身份验证方法从BASIC更改为DIGEST。但我得到了这个例外:
18:34:37,958 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Security Exception
我使用JBOSS 7 AS独立,这是我的配置文件: (当然,我已经排除了一些不相关的行)
的JBoss-web.xml中:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/digest</security-domain>
</jboss-web>
的web.xml:
<security-constraint>
<display-name>admin resources</display-name>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<description />
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description />
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>All admins</description>
<role-name>admin</role-name>
</security-role>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
standalone.xml:
<security-domains>
<security-domain name="digest" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="rfc2617"/>
<module-option name="hashUserPassword" value="false"/>
<module-option name="hashStorePassword" value="true"/>
<module-option name="passwordIsA1Hash" value="true"/>
<module-option name="storeDigestCallback" value="org.jboss.security.auth.spi.RFC2617Digest"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
application-users.properties:
mostafasho=c3535bbe0db83e64d424b47c1e9b7a2c
application-roles.properties:
mostafasho=admin
我错过了什么吗?