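WildFly 10 custom login module with client-cert auth is not executed

Date: 2016-03-21 19:10:29

Tags: java ssl jboss client-certificates wildfly-10

I need to run a custom login module (I really do need a custom implementation) with client-cert auth on WildFly 10, but the module itself is never executed. The same approach works on JBoss 6.

My custom module: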

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Trace-only login module: every lifecycle method prints its name and succeeds.
public class WsLoginModule implements LoginModule {

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
            Map<String, ?> options) {
        System.out.println("initialize()");
    }

    @Override
    public boolean login() throws LoginException {
        System.out.println("login()");
        return true;
    }

    @Override
    public boolean commit() throws LoginException {
        System.out.println("commit()");
        return true;
    }

    @Override
    public boolean abort() throws LoginException {
        System.out.println("abort()");
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        System.out.println("logout()");
        return true;
    }

}

web.xml:

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>action</web-resource-name>
            <description>constraint</description>
            <url-pattern>/*</url-pattern>
            <http-method>HEAD</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>myapp</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>no description</description>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>custom-security-domain</realm-name>
    </login-config>
    <security-role>
        <description></description>
        <role-name>myapp</role-name>
    </security-role>
</web-app>

jboss-web.xml:

<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_6_0.xsd"
           version="6.0">
    <security-domain>custom-security-domain</security-domain>
</jboss-web>

In standalone.xml, including the SSL cert config:

        <security-realm name="SslRealm">
            <server-identities>
                <ssl>
                    <keystore path="/home/me/keystore.javaks" keystore-password="passwd"/>
                </ssl>
            </server-identities>
        </security-realm>

Also, my custom security domain in standalone.xml:

            <security-domain name="custom-security-domain" cache-type="default">
                <authentication>
                    <login-module code="my.app.WsLoginModule" flag="required"/>
                </authentication>
            </security-domain>

I even changed the default-security-domain:

<default-security-domain value="custom-security-domain"/>

Finally, the https-listener:

<https-listener name="default-ssl" security-realm="SslRealm" socket-binding="https"/>

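As shown above, everything seems fine, but I only get "Forbidden" when trying to perform a simple task such as calling a web service (even when supplying the certificate). The strange thing here is that my class "WsLoginModule" is never executed.

Am I missing something?

1 answer:

Answer 0: (score: 0)

Put the login module's code in a JBoss module. Follow the documentation on how to do this; many examples exist for database JDBC drivers.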
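
The layout this answer describes, as an added example that is not part of the original post. The module name my.app.loginmodule, the JAR name ws-login-module.jar and the directory under modules/ are assumptions; the module attribute on login-module tells the security subsystem which JBoss module to load the class from.

```xml
<!-- File 1 (assumed location):
     $JBOSS_HOME/modules/my/app/loginmodule/main/module.xml
     The JAR named below sits in the same "main" directory. -->
<module xmlns="urn:jboss:module:1.3" name="my.app.loginmodule">
    <resources>
        <!-- Assumed JAR name; it must contain my.app.WsLoginModule -->
        <resource-root path="ws-login-module.jar"/>
    </resources>
    <dependencies>
        <!-- Exposes javax.security.auth.* (LoginModule, Subject,
             CallbackHandler, LoginException) to the module -->
        <module name="javax.api"/>
    </dependencies>
</module>

<!-- File 2: standalone.xml, security subsystem.
     Same security domain as in the question, with the module
     attribute added so the class is resolved from the JBoss
     module above rather than from the deployment. -->
<security-domain name="custom-security-domain" cache-type="default">
    <authentication>
        <login-module code="my.app.WsLoginModule" flag="required"
                      module="my.app.loginmodule"/>
    </authentication>
</security-domain>
```

If the login module is served from the JBoss module, a copy of the class packaged inside the WAR is no longer needed.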