我正在使用WebLogic 10.3(11G)上的Flex实现(目前使用SDK 3.5)。我们最初使用Glassfish v2.1.1时没有问题(存在活动目录组查找错误,但它并没有阻碍我们的进度。)自从转换到WebLogic以来,我们遇到一个问题,即使用j_security_check登录后flexsession失效:
[BlazeDS]Unexpected error encountered in Message Broker servlet
flex.messaging.LocalizedException: The FlexSession is invalid.
at flex.messaging.FlexSession.checkValid(FlexSession.java:943)
at flex.messaging.FlexSession.getUserPrincipal(FlexSession.java:254)
at flex.messaging.HttpFlexSession.getUserPrincipal(HttpFlexSession.java:286)
at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:296)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
我在services-config.xml中尝试了几乎所有选项:
[security>
[login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
[!-- Uncomment the correct app server
[login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss">
[login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
[login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
[login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
-->
[/security>
[login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
[!-- Uncomment the correct app server
[login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss">
[login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>
[login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
[login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
-->
[/security>
我甚至完全删除了这部分没有运气。登录从非BlazeDS角度正确运行。它正确地验证用户。没有身份验证,BlazeDS工作正常(任何远程调用都没有错误。)它是一个失败的大球(每次无效的flexsession。)
有人有这个工作吗?有什么提示吗?
答案 0 :(得分:0)
将 services-config.xml 修改为
<security auto-config="true" session-fixation-protection="none">
<login-command class="flex.messaging.security.TomcatLoginCommand" ....