Wildfly login username and roles

Time: 2016-03-29 12:40:12

Tags: wildfly

For integration testing of an EAR, I need my Wildfly to be able to log in different users with specific roles.

  • org.jboss.security.auth.spi.SimpleServerLoginModule does not let me specify roles
  • org.jboss.security.auth.spi.IdentityLoginModule does not allow different users

Obviously I need to use something different. I tried to use an ad-hoc database like this:

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
        flag="required">
    <module-option name="dsJndiName" value="java:/AcmeDS" />
    <module-option name="principalsQuery" value="SELECT ?" />
    <module-option name="rolesQuery" value="SELECT 'my_role', 'Roles'" />
    <module-option name="password-stacking" value="useFirstPass" />
</login-module>

... AAAND:

<datasources>
    <datasource jndi-name="java:/AcmeDS" pool-name="AcmeDS" enabled="true">
        <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
        <driver>h2</driver>
        <pool>
            <min-pool-size>10</min-pool-size>
            <max-pool-size>20</max-pool-size>
            <prefill>true</prefill>
        </pool>
        <security>
            <user-name>sa</user-name>
            <password>sa</password>
        </security>
    </datasource>
    <drivers>
        <driver name="h2" module="com.h2database.h2">
            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
        </driver>
    </drivers>
</datasources>

as described in the JBoss tutorial. I still get the following exception on the client:

java.lang.RuntimeException: javax.security.sasl.SaslException: Authentication failed: the server presented no authentication mechanisms
    at org.jboss.ejb.client.remoting.IoFutureHelper.get(IoFutureHelper.java:92)
    at org.jboss.ejb.client.remoting.ConnectionPool.getConnection(ConnectionPool.java:77)
    at org.jboss.ejb.client.remoting.RemotingConnectionManager.getConnection(RemotingConnectionManager.java:51)
    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.setupEJBReceivers(ConfigBasedEJBClientContextSelector.java:155)
    at org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector.getCurrent(ConfigBasedEJBClientContextSelector.java:115)

After 5 minutes I got (I am not aware of anything having changed): all available authentication mechanisms failed

(Until I needed a role, I thought the client-side setup was fine.)

What am I doing wrong? How can I get Wildfly to at least show an exception or something so I can debug the problem? Is there a better way to make Wildfly recognize different users with specific roles?

1 answer:

Answer 0 (score: 1)

Have a look at the Java Security Quickstart Archetype. It already has Java EE security worked out, at least at the level I think you are aiming for.

In short, you need to have a security domain, more like:

<security-domain name="jboss-security-quickstart" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
            <module-option name="principalsQuery" value="SELECT PASSWORD FROM USER WHERE EMAIL=?"/>
            <module-option name="rolesQuery" value="SELECT R.ROLE, 'Roles' FROM ROLE R INNER JOIN USER_ROLE UR ON  UR.ROLES_ID = R.ID INNER JOIN USER U ON U.ID = UR.USER_ID WHERE U.EMAIL=?"/>
            <module-option name="hashAlgorithm" value="SHA-256"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="hashCharset" value="utf-8"/>
        </login-module>
    </authentication>
</security-domain>

You need a jboss-web.xml in the WEB-INF directory that points to it:

<!DOCTYPE jboss-web>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.jboss.org/schema/jbossas
    http://www.jboss.org/schema/jbossas/jboss-web_7_2.xsd">
    <!-- Configure usage of the security domain "javaee-security-quickstart" -->
    <security-domain>javaee-security-quickstart</security-domain>
    <disable-audit>true</disable-audit>
</jboss-web>

And a web.xml that uses it:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>User Views</web-resource-name>
        <url-pattern>/views/user/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
        <role-name>USER</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/views/login.xhtml</form-login-page>
        <form-error-page>/views/login.xhtml?Retry=True</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <role-name>ADMIN</role-name>
</security-role>
<security-role>
    <role-name>USER</role-name>
</security-role>

These are the basics, but in practice it is a bit easier than it looks.
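To see what the Database login module in the answer actually does with those two queries and hash options, here is an added example (not from the quickstart or the answer): an in-memory SQLite database with the USER, ROLE and USER_ROLE tables implied by the principalsQuery and rolesQuery, seeded with constructed users whose PASSWORD column holds base64(SHA-256(utf-8 password)) as selected by hashAlgorithm/hashEncoding/hashCharset, and a small `authenticate` function that mimics the module's check (the assumed table columns, emails and passwords are all constructed for the example).

```python
import base64
import hashlib
import hmac
import sqlite3

# Constructed schema: the tables the answer's two queries join over.
# Column names come from the queries; the types are an assumption.
SCHEMA = """
CREATE TABLE USER (ID INTEGER PRIMARY KEY, EMAIL TEXT UNIQUE NOT NULL,
                   PASSWORD TEXT NOT NULL);
CREATE TABLE ROLE (ID INTEGER PRIMARY KEY, ROLE TEXT NOT NULL);
CREATE TABLE USER_ROLE (USER_ID INTEGER NOT NULL, ROLES_ID INTEGER NOT NULL);
"""

# The exact queries from the answer's security-domain.
PRINCIPALS_QUERY = "SELECT PASSWORD FROM USER WHERE EMAIL=?"
ROLES_QUERY = ("SELECT R.ROLE, 'Roles' FROM ROLE R "
               "INNER JOIN USER_ROLE UR ON UR.ROLES_ID = R.ID "
               "INNER JOIN USER U ON U.ID = UR.USER_ID WHERE U.EMAIL=?")


def hash_password(password: str) -> str:
    """hashAlgorithm=SHA-256, hashEncoding=base64, hashCharset=utf-8:
    the stored value is the base64 of the raw digest, not of its hex form."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def seed_db() -> sqlite3.Connection:
    """Build the in-memory database with constructed sample users and roles."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ROLE VALUES (?, ?)",
                     [(1, "ADMIN"), (2, "USER")])
    conn.executemany("INSERT INTO USER VALUES (?, ?, ?)", [
        (1, "admin@example.test", hash_password("admin-pw")),   # constructed
        (2, "alice@example.test", hash_password("alice-pw")),   # constructed
    ])
    # admin holds both roles, alice only USER
    conn.executemany("INSERT INTO USER_ROLE VALUES (?, ?)",
                     [(1, 1), (1, 2), (2, 2)])
    conn.commit()
    return conn


def authenticate(conn: sqlite3.Connection, email: str, password: str):
    """Mimic the login module: look up the stored hash for the principal,
    compare it with the hash of the supplied password, and on success
    collect the roles returned under the 'Roles' group. Returns a sorted
    list of role names, or None when authentication fails."""
    row = conn.execute(PRINCIPALS_QUERY, (email,)).fetchone()
    if row is None:
        return None  # unknown principal
    if not hmac.compare_digest(row[0], hash_password(password)):
        return None  # wrong password
    groups = {}
    for role, group in conn.execute(ROLES_QUERY, (email,)):
        groups.setdefault(group, set()).add(role)
    return sorted(groups.get("Roles", set()))


if __name__ == "__main__":
    db = seed_db()
    print(authenticate(db, "admin@example.test", "admin-pw"))  # ['ADMIN', 'USER']
    print(authenticate(db, "alice@example.test", "alice-pw"))  # ['USER']
    print(authenticate(db, "alice@example.test", "wrong"))     # None
```

For the integration-test scenario in the question, the useful part is the seeding: insert one USER row per test identity with `hash_password(...)` in the PASSWORD column and the USER_ROLE rows for the roles each test needs, and the same security-domain then serves all of them without any per-user login-module configuration.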