我有一个Java EE 6项目,使用JSF,并以WildFly作为应用服务器。
我想实现基于JDBC Realm的身份验证,但登录时总是失败,并抛出javax.servlet.ServletException。
这是我的Login.xhtml页面:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:p="http://primefaces.org/ui">
<!-- Login view. The form below performs a JSF postback: the two inputs are bound to the
     securityStatus bean and the button invokes securityActions.login, which does the
     actual authentication. Nothing here posts to the container's j_security_check, so the
     j_username / j_password ids are only naming convention in this page.
     NOTE(review): the password field is a p:inputText with type="password" bound to
     securityStatus.password. A text input writes its bound value back into the rendered
     value attribute, so the submitted password may be echoed into the HTML when the login
     page is shown again after a failed attempt. h:inputSecret and p:password do not
     redisplay the value by default; alternatively the bean should drop the password once
     the attempt is over.
     These notes sit outside ui:composition on purpose: Facelets discards everything
     outside that tag, so they are not sent to the browser. -->
<ui:composition template="/WEB-INF/templates/main.xhtml">
<ui:param name="nologin" value="true" />
<ui:define name="insert-title">
<h:outputText value="Kundenverwaltung - Login"/>
</ui:define>
<ui:define name="insert-content">
<h:form>
<h:panelGrid columns="2">
<p:outputLabel for="j_username" value="Username" />
<p:inputText type="text" id="j_username" name="j_username"
value="#{securityStatus.userName}" />
<p:outputLabel for="j_password" value="Password" />
<p:inputText type="password" id="j_password" name="j_password"
value="#{securityStatus.password}" />
<p:commandButton name="login" id="login" value="Login"
action="#{securityActions.login}" ajax="false" />
</h:panelGrid>
</h:form>
</ui:define>
</ui:composition>
</html>
这是我的SecurityActions Bean。登录失败时,异常就是在下面这个方法的ServletException catch块中捕获到的:
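/**
 * Attempts a container-managed programmatic login with the credentials currently held in
 * {@code securityStatus} and returns the navigation outcome.
 *
 * <p>{@code HttpServletRequest.login} reports every failure as a {@link ServletException}.
 * Per the Servlet specification that covers rejected credentials, a caller identity that
 * was already established before the call, and a deployment whose configured login
 * mechanism does not support username/password authentication. The exception is therefore
 * logged with its cause so the three cases can be told apart in the server log.
 *
 * @return the project overview view on success, otherwise the login view
 */
public String login() {
    HttpServletRequest servletRequest = getHttpRequest();
    try {
        servletRequest.login( securityStatus.getUserName(), securityStatus.getPassword() );
        securityStatus.setLoggedIn( true );
        logger.debug( "user has logged in." );
        return PATH_VIEWS_PROJECT + VIEW_PROJECT_OVERVIEW;
    } catch ( ServletException e ) {
        // Report the failure through the logging framework instead of System.out and
        // printStackTrace(), so it follows the configured log level and destination.
        // The credentials themselves are deliberately not part of the message.
        // NOTE(review): assumes the logger offers debug(message, Throwable), as SLF4J,
        // Log4j and JBoss Logging do; confirm against the logger type used in this class.
        logger.debug( "user was not logged in.", e );
        securityStatus.setLoggedIn( false );
        return PATH_VIEWS_SECURITY + VIEW_LOGIN;
    } finally {
        // Drop the clear-text password once the attempt is over: the login form binds its
        // password input to this property, so a value left in the bean can be rendered
        // back into the page and stays in memory for as long as the bean lives.
        // NOTE(review): relies on the setPassword setter that the form's value binding
        // already requires; confirm nothing else reads the password after login.
        securityStatus.setPassword( null );
    }
}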
这是我的web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor: maps the Faces Servlet, restricts /faces/views/* to the admin
     role and declares FORM authentication against the realm named jaas-realm. -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1">
<display-name>web</display-name>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- general faces mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<!-- special faces mapping, only needed for welcome file.
see http://stackoverflow.com/questions/4616493/how-to-set-jsf2-welcome-file-with-faces-servlet-mapping -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<!-- The welcome file is the login view, addressed through the *.faces mapping; that path
     does not match the protected pattern below, so it is reachable without a login. -->
<welcome-file-list>
<welcome-file>/views/security/login.faces</welcome-file>
<!-- <welcome-file>/views/project/project-input.xhtml</welcome-file> -->
<!-- <welcome-file>index.html</welcome-file> -->
</welcome-file-list>
<!-- NOTE(review): this constraint matches only /faces/views/*. The Faces Servlet is also
     mapped to *.faces and *.xhtml above, so the same views are presumably reachable as
     /views/... without matching this pattern; confirm whether those paths need a
     constraint too, keeping the login view itself unprotected.
     NOTE(review): no user-data-constraint (transport-guarantee) appears in the part of the
     file shown, so this descriptor does not by itself require HTTPS for the request that
     carries the username and password. -->
<security-constraint>
<!-- handles "No authenticator available for programmatic login" on JBoss
AS -->
<web-resource-collection>
<web-resource-name>all-pages</web-resource-name>
<description>Sicherheitsumgebung für alle Seiten</description>
<url-pattern>/faces/views/*</url-pattern>
</web-resource-collection>
<!-- Only callers in the admin role pass this constraint. -->
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<!-- NOTE(review): the role "user" is declared here but is not named in any auth-constraint
     shown in this file, so users holding only that role get 403 on /faces/views/*;
     confirm that this is intended. -->
<security-role>
<description>normal users, have read-only access to data</description>
<role-name>user</role-name>
</security-role>
<security-role>
<description>privileged admins, have full access to data</description>
<role-name>admin</role-name>
</security-role>
<!-- FORM authentication is declared for the container; the application itself logs in
     programmatically via HttpServletRequest.login from the login view. -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>jaas-realm</realm-name>
<form-login-config>
<form-login-page>/views/security/login.xhtml</form-login-page>
<form-error-page>/faces/views/security/not-logged-in.xhtml</form-error-page>
</form-login-config>
</login-config>
<!-- Authenticated callers lacking the required role (HTTP 403) see the same page as a
     failed form login. -->
<error-page>
<error-code>403</error-code>
<location>/faces/views/security/not-logged-in.xhtml</location>
</error-page>
<!-- NOTE(review): the listing stops here; the closing web-app tag is not shown. -->
这是我的jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Binds the web application to the server-side security domain named jaas-realm.
     NOTE(review): the documented root element of jboss-web.xml is <jboss-web>; <jboss> is
     the root of the EJB descriptor jboss.xml. Confirm that the server actually applies the
     security-domain below. If it is ignored, the application is presumably bound to the
     server's default security domain, and credentials that are valid for jaas-realm would
     be rejected on every login. -->
<jboss>
<security-domain>jaas-realm</security-domain>
</jboss>
这是我在Jboss的standalone-full.xml中的安全域配置
<!-- Security domain backing the application's logins: the Database login module looks up
     the stored password and the roles for the submitted user name through the datasource
     java:/mydb. Both queries take the user name as a bound "?" parameter, so it is not
     concatenated into the SQL text.
     NOTE(review): with hashAlgorithm and hashEncoding set, the module hashes the submitted
     password with SHA-256 and base64-encodes the digest before comparing it with the
     result of principalsQuery. The password column therefore has to hold exactly that form
     (base64 of the raw digest, not hex and not clear text); any other stored form makes
     every login fail.
     NOTE(review): a single unsalted SHA-256 digest is a fast hash and offers little
     resistance to offline guessing if the person table leaks. Where the platform supports
     it, prefer a salted, iterated password scheme such as bcrypt or PBKDF2. -->
<security-domain name="jaas-realm">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/mydb"/>
<module-option name="principalsQuery" value="select password from person where emailaddress=?"/>
<module-option name="rolesQuery" value="select rolename, 'Roles' from userrole where emailaddress=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="base64"/>
</login-module>
</authentication>
</security-domain>
SecurityActions中的下面这行调用无法成功执行:
servletRequest.login( securityStatus.getUserName(), securityStatus.getPassword() );
我得到了以下堆栈跟踪:
[io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:440)
de.web.actions.security.SecurityActions.login(SecurityActions.java:42)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:606)
com.sun.el.parser.AstValue.invoke(AstValue.java:292)
com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:304)
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
javax.faces.component.UICommand.broadcast(UICommand.java:315)
javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
javax.faces.webapp.FacesServlet.service(FacesServlet.java:646)
io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
de.web.web.filters.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:21)
io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
java.lang.Thread.run(Thread.java:745)]