I am seeing strange behavior with the following security domain:
<security-domain name="Login-JBoss">
    <authentication>
        <login-module code="com.agfa.orbis.security.auth.OrbisServerLoginModule" flag="requisite" module="com.agfa.orbis.security">
            <module-option name="datasource" value="java:/OracleDS"/>
        </login-module>
        <login-module code="org.keycloak.adapters.jaas.BearerTokenLoginModule" flag="sufficient" module="org.keycloak.keycloak-adapter-core">
            <module-option name="keycloak-config-file" value="${jboss.server.config.dir}/keycloak.json"/>
        </login-module>
        <login-module code="com.agfa.orbis.security.auth.OrbisLdapLoginModule" flag="sufficient" module="com.agfa.orbis.security">
            <module-option name="try_first_pass" value="true"/>
            <module-option name="datasource" value="java:/OracleDS"/>
        </login-module>
        <login-module code="com.agfa.orbis.security.auth.OrbisDatabaseLoginModule" flag="required" module="com.agfa.orbis.security">
            <module-option name="try_first_pass" value="true"/>
            <module-option name="datasource" value="java:/OracleDS"/>
        </login-module>
    </authentication>
</security-domain>
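As you can see, three of the LoginModules are defined in the module com.agfa.orbis.security and one is defined in the module org.keycloak.keycloak-adapter-core. When I try to authenticate against the security domain, I get the following output in the server log (I removed some irrelevant lines in the middle, marked with dots):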
2017-01-12 08:31:17,495 TRACE [org.jboss.security] (default task-12) () PBOX00224: End getAppConfigurationEntry(Login-JBoss), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: com.agfa.orbis.security.auth.OrbisServerLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=datasource, value=java:/OracleDS
[1]
LoginModule Class: org.keycloak.adapters.jaas.BearerTokenLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=keycloak-config-file, value=D:\views\oas\oas-08042800\server\orbis-as-08.04.28.00.a20170104195120-DACHL\standalone\configuration/keycloak.json
[2]
LoginModule Class: com.agfa.orbis.security.auth.OrbisLdapLoginModule
ControlFlag: LoginModuleControlFlag: sufficient
Options:
name=try_first_pass, value=true
name=datasource, value=java:/OracleDS
[3]
LoginModule Class: com.agfa.orbis.security.auth.OrbisDatabaseLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=try_first_pass, value=true
name=datasource, value=java:/OracleDS
..........
2017-01-12 08:31:17,499 TRACE [org.jboss.security] (default task-12) () PBOX00236: Begin initialize method
2017-01-12 08:31:17,524 DEBUG [org.jboss.security] (default task-12) () PBOX00206: Login failure: javax.security.auth.login.LoginException: LoginModule-Klasse kann nicht gefunden werden: org.keycloak.adapters.jaas.BearerTokenLoginModule from [Module "deployment.orbis-framework.war:main" from Service Module Loader]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323)
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123)
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:94)
at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:167)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:263)
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2017-01-12 08:31:17,524 TRACE [org.jboss.security] (default task-12) () PBOX00201: End isValid, result = false
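I am surprised that the "ClassNotFoundException" can only be found in debug mode, but that is not my main problem at all. What surprises me is that it works fine when I define the module org.keycloak.keycloak-adapter-core as a global module (which also shows that the module is installed correctly).
During testing I also noticed that when I remove the last two LoginModules from the configuration, I get the same error, but for the class com.agfa.orbis.security.auth.OrbisServerLoginModule. So it seems that only the classes of the last defined module are part of the classpath, but that is just an assumption.
Do you have any idea what is going wrong here? Any help is welcome!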
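Answer 0 (score: 1)
I ran into the same error when trying to secure some web services with Keycloak.
The solution I found was to add a dependency on the Keycloak module (i.e. the "keycloak-adapter-core" module) to the generated MANIFEST.MF.
If you build your project with Maven, you can achieve this by configuring the "maven-jar-plugin" (the "archive" part is the relevant section).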
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jar-plugin</artifactId>
    <version>3.0.2</version>
    <configuration>
        <archive>
            <manifestEntries>
                <Dependencies>org.keycloak.keycloak-adapter-core</Dependencies>
            </manifestEntries>
        </archive>
    </configuration>
</plugin>
Your generated MANIFEST.MF should have this entry:
Dependencies: org.keycloak.keycloak-adapter-core
The same error may occur with your Orbis configuration. You can add both dependencies separated by a comma.
For reference:
https://docs.jboss.org/author/display/MODULES/Manifest+module+information
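An added example (not from either answer or from the JBoss or Keycloak projects): a build-time check in the spirit of Answer 0 that reads the module attribute of each login-module and reports those whose JBoss module is missing from the deployment's MANIFEST.MF Dependencies header. The sample XML and manifests are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: two login modules from the question's security domain,
# and a manifest whose Dependencies header wraps onto a continuation line.
SECURITY_DOMAIN = """<security-domain name="Login-JBoss"><authentication>
<login-module code="com.agfa.orbis.security.auth.OrbisServerLoginModule"
              flag="requisite" module="com.agfa.orbis.security"/>
<login-module code="org.keycloak.adapters.jaas.BearerTokenLoginModule"
              flag="sufficient" module="org.keycloak.keycloak-adapter-core"/>
</authentication></security-domain>"""
MANIFEST_BOTH = ("Manifest-Version: 1.0\r\n"
                 "Dependencies: com.agfa.orbis.security,org.keycloak.keycloak-ad\r\n"
                 " apter-core optional\r\n\r\n")
MANIFEST_KEYCLOAK_ONLY = ("Manifest-Version: 1.0\r\n"
                          "Dependencies: org.keycloak.keycloak-adapter-core\r\n\r\n")


def main_attributes(manifest_text):
    """Parse the manifest main section; a leading space continues the previous header."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if not line:  # a blank line ends the main section
            break
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]
        elif ":" in line:
            last, _, value = line.partition(":")
            attrs[last] = value.lstrip()
    return attrs


def declared_dependencies(manifest_text):
    """Module names in the Dependencies header, with flags such as 'optional' dropped."""
    raw = main_attributes(manifest_text).get("Dependencies", "")
    return {entry.split()[0] for entry in raw.split(",") if entry.strip()}


def login_module_modules(domain_xml):
    """Map login-module class -> JBoss module name (tolerates XML namespaces)."""
    return {el.get("code"): el.get("module")
            for el in ET.fromstring(domain_xml).iter()
            if el.tag.rsplit("}", 1)[-1] == "login-module" and el.get("module")}


def missing_dependencies(domain_xml, manifest_text):
    """Login modules whose JBoss module is absent from the manifest's Dependencies."""
    deps = declared_dependencies(manifest_text)
    return {code: mod for code, mod in login_module_modules(domain_xml).items()
            if mod not in deps}


if __name__ == "__main__":
    print(missing_dependencies(SECURITY_DOMAIN, MANIFEST_KEYCLOAK_ONLY))
```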
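Answer 1 (score: 1)
We solved the error by adding a dependency on 'org.keycloak.keycloak-adapter-core' to the module.xml of 'com.agfa.orbis.security'. That module is managed by us, so it was easy to implement. I cannot explain why it works, but it works :-/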