Javaee Jboss j_security_check登录总是失败

时间:2017-02-25 14:30:38

标签: java-ee wildfly j-security-check

我想为我的Java EE项目做一个简单的j_security_check登录,我发现这个Tutorial用WildFly Server进行设置但是还不能让它工作。每次我尝试登录时,都会被重定向到错误页面。

这是我的代码:

的JBoss-web.xml中

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <security-domain>testDSSS</security-domain>
</jboss-web>

的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>test123.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>administrator</web-resource-name>
          <url-pattern>/pages/admin/*</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>ADMINISTRATOR</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>user</web-resource-name>
            <url-pattern>/pages/user/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>ADMINISTRATOR</role-name>
          <role-name>USER</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>testDSSS</realm-name>
        <form-login-config>
            <form-login-page>/pages/login.xhtml</form-login-page>
            <form-error-page>/pages/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
      <role-name>ADMINISTRATOR</role-name>
    </security-role> 
    <security-role>
      <role-name>USER</role-name>
    </security-role> 
</web-app>

login.xhtml 

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html"
      xmlns:f="http://xmlns.jcp.org/jsf/core">
    <h:head>
        <title>TODO supply a title</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
    </h:head>
    <h:body>
        <form action="j_security_check" method="post" class="form-horizontal">
    <div class="form-group">
        <label class="control-label col-sm-2">Username:</label>
        <div class="col-sm-10">
            <input type="text" class="" name="j_username" placeholder="Username" />     
        </div>
    </div>
    <div class="form-group">
        <label class="control-label col-sm-2">Password:</label>
        <div class="col-sm-10">
            <input type="password" class="" name="j_password" placeholder="Password" />     
        </div>
    </div>
    <div class="form-group">
        <div class="col-sm-offset-2 col-sm-10">
            <button type="submit" class="btn btn-primary">Login</button>        
        </div></div>
        </form>
    </h:body>
</html>

我为安全配置添加的WildFly standalone_full.xml代码

<security-domains>
                <security-domain name="testDSSS" cache-type="default">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/testDSSS"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </login-module>
                    </authentication>
                    <authorization>
                        <policy-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/testDSSS"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </policy-module>
                    </authorization>
                </security-domain>

有谁知道我做错了什么?

1 个答案:

答案 0 :(得分:1)

我遇到了同样的问题。对于我的情况,结果是standalone-full.xml中的SQL查询(rolesquery和principalsquery)不正确,因为我没有使用列名用户名和密码,但有些不同。

相关问题
最新问题