我正在尝试在简单的Web应用程序上实现安全性,但我无法做到正确。
我有DataSource" SecurityTestDS"工作。 在standalone.xml中,我有:
<default-security-domain value="jdbc-security-domain"/>
<security-domain name="jdbc-security-domain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<!--<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">-->
<module-option name="dsJndiName" value="java:jboss/datasources/SecurityTestDS"/>
<module-option name="principalsQuery" value="select password from cb_users where username = ?"/>
<module-option name="rolesQuery" value="select groupname Roles from cb_groups where username = ?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
</authentication>
</security-domain>
jboss-web.xml包含
<security-domain>jdbc-security-domain</security-domain>
<!-- <security-domain>java:/jaas/jdbc-security-domain</security-domain>-->
<disable-audit>false</disable-audit>
web.xml包含:
<security-constraint>
<display-name>protected-pages</display-name>
<web-resource-collection>
<web-resource-name>protected-pages</web-resource-name>
<url-pattern>/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jdbc-security-domain</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
的login.jsp
<form action="j_security_check" method=post>
<p>
<strong>Username:</strong>
<input type="text" name="j_username" size="25">
<p>
<p>
<strong>Password: </strong>
<input type="password" size="15" name="j_password">
<p>
<p>
<input type="submit" value="Submit">
<input type="reset" value="Reset">
</form>
LoginError.jsp包含
<h2>Invalid user name or password.</h2>
数据库是:
CREATE TABLE `cb_groups` (
`groupname` varchar(255) NOT NULL,
`username` varchar(255) NOT NULL,
`ID` int(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`ID`),
UNIQUE KEY `ID_UNIQUE` (`ID`)
);
INSERT INTO `cb_groups` VALUES ('admin','admin',1),('user','user',2);
CREATE TABLE `cb_users` (
`username` varchar(255) NOT NULL,
`password` varchar(255) DEFAULT NULL,
PRIMARY KEY (`username`)
);
INSERT INTO `cb_users` VALUES ('admin','21232F297A57A5A743894A0E4A801FC3'),('user','21232F297A57A5A743894A0E4A801FC3');
我使用该代码段生成插入数据库的哈希。
System.out.println(DatatypeConverter.printHexBinary(MessageDigest.getInstance("MD5").digest("admin".getBytes("UTF-8"))));
不幸的是访问/ contextRoot / protected / *总是返回登录页面所有尝试用户名/密码的用户名/密码或管理员/管理员总是返回&#34;无效的用户名或密码&#34;来自loginError.jsp与任何服务器日志。任何帮助将不胜感激。
答案 0 :(得分:0)
您的rolesQuery值应如下所示:
select groupname, 'Roles' from cb_groups where username = ?
您可以在https://docs.jboss.org/author/display/WFLY8/Authentication+Modules上找到如何设计数据库身份验证模块选项。