我正在尝试在我的Java EE桌面应用程序(maven项目)中实现JAAS,而我正在使用Wildfly9服务器。但我遇到了这个问题:
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEE0041: Component class tn.esprit.jaas.EgovDriver for component EgovDriver has errors:
WFLYJPA0059: javax.persistence.PersistenceContext injection target is invalid. Only setter methods are allowed: boolean tn.esprit.jaas.EgovDriver.secureConnect(java.lang.String, java.lang.String)
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor$1.handle(ModuleJndiBindingProcessor.java:158)
at org.jboss.as.ee.component.ClassDescriptionTraversal.run(ClassDescriptionTraversal.java:54)
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor.processClassConfigurations(ModuleJndiBindingProcessor.java:187)
at org.jboss.as.ee.component.deployers.ModuleJndiBindingProcessor.deploy(ModuleJndiBindingProcessor.java:144)
at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:156)
... 5 more
这是我的JAAS代码,我知道它存在很多问题,请帮我解决。 CallbackHundler:
package tn.esprit.jaas;
import java.io.IOException;
import javax.ejb.Stateless;
import javax.persistence.PersistenceContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
/**
* Session Bean implementation class EgovCallbackHandler
*/
@Stateless
public class EgovCallbackHandler implements EgovCallbackHandlerRemote ,CallbackHandler {
@PersistenceContext(name="egovernment")
private static String[] details=null;
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
System.out.println("EgovCallbackHandler");
NameCallback nameCallback = (NameCallback) callbacks[0];
System.out.println(nameCallback.getPrompt());
nameCallback.setName(details[0]);
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
System.out.println(passwordCallback.getPrompt());
passwordCallback.setPassword(details[1].toCharArray());
}
@Override
public String[] enterDetailConnexion(String login, String password){
details = new String[2];
details[0]=login;
details[1]=password;
return details;
}
}
LoginModule:
import java.io.IOException;
import java.util.Map;
import javax.ejb.Stateless;
import javax.persistence.PersistenceContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import tn.esprit.domain.Agent;
import tn.esprit.services.AgentGestion;
/**
* Session Bean implementation class EgovLoginModule
*/
@Stateless
public class EgovLoginModule implements EgovLoginModuleRemote,LoginModule {
@PersistenceContext(name="egovernment")
public static final String[][] TEST_USERS = {{"u1","p1"},{"u2","p2"}};
private Subject subject = null;
private CallbackHandler callbackHandler = null;
private EgovPrincipal egovPrincipal = null;
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
this.subject=subject;
this.callbackHandler=callbackHandler;
System.out.println("initialize");
}
@Override
public boolean login() throws LoginException {
boolean flag=false;
Agent agent=null;
AgentGestion ag;
System.out.println("login");
Callback[] callbacksArray =new Callback[2];
callbacksArray[0]=new NameCallback("Username: ");
callbacksArray[1]=new PasswordCallback("Password: ",false);
try {
callbackHandler.handle(callbacksArray);
String name =((NameCallback) callbacksArray[0]).getName();
String password = new String (((PasswordCallback) callbacksArray[1]).getPassword());
agent = new Agent();
ag = new AgentGestion();
agent = ag.Authentification(name, password);
if (agent.getLogin().equals(name) && agent.getPwd().equals(password)){
egovPrincipal = new EgovPrincipal(name);
System.out.println("log succeess......");
flag = true;
}
if(flag==false) throw new FailedLoginException("log fail............");
} catch (IOException | UnsupportedCallbackException e) {
e.printStackTrace();
}
return flag;
}
@Override
public boolean commit() throws LoginException {
boolean flag = false;
System.out.println("coomit");
if(subject != null && !subject.getPrincipals().contains(egovPrincipal)){
subject.getPrincipals().add(egovPrincipal);
flag=true;
}
return flag;
}
@Override
public boolean abort() throws LoginException {
if(subject !=null && egovPrincipal != null && subject.getPrincipals().contains(egovPrincipal))
subject.getPrincipals().remove(egovPrincipal);
subject = null;
egovPrincipal = null;
System.out.println("abort");
return true;
}
@Override
public boolean logout() throws LoginException {
subject.getPrincipals().remove(egovPrincipal);
subject=null;
System.out.println("logout");
return true;
}
}
负责人:
package tn.esprit.jaas;
import java.io.Serializable;
import java.security.Principal;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
import javax.persistence.PersistenceContext;
/**
* Session Bean implementation class EgovPrincipal
*/
@Named
@RequestScoped
public class EgovPrincipal implements Principal, Serializable {
@PersistenceContext(name="egovernment")
private static final long serialVersionUID = 1L;
@Inject
private final String name;
public EgovPrincipal(String name) {
this.name = name;
}
@Override
public String getName() {
return name;
}
@Override
public boolean equals(Object obj) {
boolean flag = false;
if(obj instanceof EgovPrincipal)
flag = name.equals(((EgovPrincipal)obj).getName());
return flag;
}
}
驱动:
package tn.esprit.jaas;
import javax.ejb.Stateless;
import javax.persistence.PersistenceContext;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import tn.esprit.jaas.EgovCallbackHandler;
/**
* Session Bean implementation class EgovDriver
*/
@Stateless
public class EgovDriver implements EgovDriverRemote {
@PersistenceContext(name="egovernment")
public boolean secureConnect(String login, String password){
boolean flag = false;
EgovCallbackHandler ech = new EgovCallbackHandler();
System.setProperty("java.security.auth.login.config", "jaas.configFile");
LoginContext loginContext=null;
while (true){
try {
ech.enterDetailConnexion(login, password);
loginContext = new LoginContext("EgovJaas", new EgovCallbackHandler());
loginContext.login();
return flag = true;
//while (flag) flag = egovDriver.performedAction(loginContext);
} catch (LoginException e) {
System.out.println("++++++++" +e.getMessage());
return flag;
}
}
}
}
答案 0 :(得分:1)
并非100%清楚您正在尝试做什么。 &#34; Java EE桌面应用程序&#34;意味着您是否尝试从客户端应用程序访问远程EJB?
无论如何,你的方法似乎有问题,从哪里开始有点困难。
但是要从某个地方开始,你在这里使用普通的JAAS代码,但JAAS is not the universal standard you may think it is。并非每个应用程序服务器都使用它。当他们这样做时,特别是JBoss / WildFly,they all do it totally differently。
具体而言,您可以在LoginModule
public boolean commit() throws LoginException {
boolean flag = false;
if (subject != null && !subject.getPrincipals().contains(egovPrincipal)) {
subject.getPrincipals().add(egovPrincipal);
flag=true;
}
return flag;
}
我假设您认为WildFly会以某种方式知道egovPrincipal
将成为user principal
(例如HttpServletRequest#getUserPrincipal
返回的那个)。不幸的是,情况并非如此。如前所述,每个服务器都有自己的方法。对于JBoss / WildFly,它是the first principal that is not of type Group, or the single principal in the CallerPrincipal
group。
下一个大问题是你制作了所有JAAS artefacts EJB组件,而Principal是一个范围广泛的CDI bean。这也行不通。 IFF服务器正在使用它自己的JAAS风格(并且甚至不记得所有服务器都使用它),然后它总是通过普通类(没有EE组件注释)使用。入口点(引导程序)通常通过在服务器特定的XML文件中列出LoginModule
类来完成。对于JBoss / WildFly,这是standalone.xml
。
请注意,对于Java EE 8,我们正在尝试大大简化设置和自定义安全性。通过这种方法,您确实可以使用Java EE组件(CDI)来实现各种人工制品。请参阅reference implementation Soteria,特别是examples。