Wildfly SWARM中的JASPIC配置

时间:2017-07-08 05:56:45

标签: wildfly wildfly-swarm

我需要一些帮助来配置Wildfly Swarm中的JASPIC身份验证。 JASPIC配置在普通的Wildfly中完美运行,但我不知道怎么能让它与Wildfly Swarm一起工作。我总是这个错误:

2017-07-07 11:15:08,819 ERROR [org.jboss.security] (default task-3) PBOX00374: Error getting ServerAuthContext for authContextId default-host /Tiles and security domain obbi-auth-id: javax.security.auth.message.AuthException
    at org.jboss.security.auth.message.config.JBossServerAuthConfig.getAuthContext(JBossServerAuthConfig.java:169)
    at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:99)
    at org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism.authenticate(JASPICAuthenticationMechanism.java:123)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.tranTISion(SecurityContextImpl.java:245)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
    at io.undertow.security.impl.SecurityContextImpl.authTranTISion(SecurityContextImpl.java:99)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

我的Wildfly独立配置有效

      <security-domain name="obbi-auth-id">
            <authentication-jaspi>
                <login-module-stack name="authid-loginmodule-stack">
                    <login-module code="com.obbi.domain.security.loginmodule.jwt.JWTLoginModule" flag="sufficient" module="com.obbi.domain.security">
                        <module-option name="expectedIssuer" value="CN=DI TIS signer"/>
                        <module-option name="expectedAudience" value="obbi"/>
                        <module-option name="allowedClockSkewInSeconds" value="30"/>
                        <module-option name="validateTokenSignature" value="false"/>
                        <module-option name="maxFutureValidityInMinutes" value="525600"/>
                        <module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks"/>
                        <module-option name="keyStorePassword" value="pass123"/>
                        <module-option name="validateCertificate" value="false"/>
                        <module-option name="loadSystemPrincipals" value="true"/>
                        <module-option name="loadSystemPrincipalsEndpoint" value="https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&amp;size=1000&amp;username=%s"/>
                        <module-option name="skipAllValidators" value="true"/>
                    </login-module>
                    <login-module code="com.obbi.domain.security.loginmodule.obbi.obbiLoginModule" flag="sufficient" module="com.obbi.domain.security">
                        <module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks"/>
                        <module-option name="keyStorePassword" value="pass123"/>
                        <module-option name="validateCertificate" value="false"/>
                        <module-option name="validateTokenExpiry" value="false"/>
                        <module-option name="validateTokenSignature" value="false"/>
                        <module-option name="loadSystemPrincipals" value="true"/>
                        <module-option name="loadSystemPrincipalsEndpoint" value="https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&amp;size=1000&amp;username=%s"/>
                    </login-module>
                </login-module-stack>
                <auth-module code="com.obbi.domain.security.JASPICServerAuthModule" flag="required" login-module-stack-ref="authid-loginmodule-stack"/>
            </authentication-jaspi>
        </security-domain>

我试图模仿上述Wildfly独立配置的Wildfly swarm配置是:

  private static SecurityFraction getSecurityFraction1() {
        return new SecurityFraction()
                .securityDomain("obbi-auth-id", sd -> {
                    sd.jaspiAuthentication(jaspi -> {
                        jaspi.loginModuleStack("authid-loginmodule-stack", stack -> {
                            stack.loginModule("com.obbi.domain.security.loginmodule.jwt.JWTLoginModule", value -> {
                                value.code("com.obbi.domain.security.loginmodule.jwt.JWTLoginModule")
                                        .flag(Flag.SUFFICIENT)
                                        .module("com.obbi.domain.security")
                                        .moduleOption("expectedIssuer", "CN=DI TIS signer")
                                        .moduleOption("expectedAudience", "obbi")
                                        .moduleOption("allowedClockSkewInSeconds", "30")
                                        .moduleOption("validateTokenSignature", "false")
                                        .moduleOption("maxFutureValidityInMinutes", "525600")
                                        .moduleOption("keyStoreFilePath", "C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks")
                                        .moduleOption("keyStorePassword", "pass123")
                                        .moduleOption("validateCertificate", "false")
                                        .moduleOption("loadSystemPrincipals", "true")
                                        .moduleOption("loadSystemPrincipalsEndpoint", "https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&amp;size=1000&amp;username=%s")
                                        .moduleOption("skipAllValidators", "true");
                                stack.loginModule("com.obbi.domain.security.loginmodule.obbi.obbiLoginModule", value1 -> {
                                    value1.code("com.obbi.domain.security.loginmodule.obbi.obbiLoginModule")
                                            .flag(Flag.SUFFICIENT)
                                            .module("com.obbi.domain.security")
                                            .moduleOption("keyStoreFilePath", "C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks")
                                            .moduleOption("keyStorePassword", "pass123")
                                            .moduleOption("validateCertificate", "false")
                                            .moduleOption("validateTokenExpiry", "false")
                                            .moduleOption("validateTokenSignature", "false")
                                            .moduleOption("loadSystemPrincipals", "true")
                                            .moduleOption("loadSystemPrincipalsEndpoint", "https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&amp;size=1000&amp;username=%s");
                                });
                            });
                        });

                        jaspi.authModule("com.obbi.domain.security.JASPICServerAuthModule", authModule -> {
                            authModule.code("com.obbi.domain.security.JASPICServerAuthModule")
                                    .flag(Flag.SUFFICIENT)
                                    .loginModuleStackRef("authid-loginmodule-stack");
                        });
                    });


                });
    }

在我的POM上,我添加了与普通wildfly

中的模块依赖关系相对应的所有依赖项
  <dependency>
        <groupId>org.picketbox</groupId>
        <artifactId>picketbox</artifactId>
        <version>4.9.6.Final</version>
        <type>pom</type>
    </dependency>
    <dependency>
        <groupId>org.picketbox</groupId>
        <artifactId>picketbox-infinispan</artifactId>
        <version>4.9.6.Final</version>
    </dependency>
    <dependency>
        <groupId>org.picketbox</groupId>
        <artifactId>picketbox-commons</artifactId>
        <version>1.0.0.final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.spec.javax.security.auth.message</groupId>
        <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
        <version>1.0.0.Final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.security</groupId>
        <artifactId>jbossxacml</artifactId>
        <version>2.0.8.Final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.spec.javax.servlet</groupId>
        <artifactId>jboss-servlet-api_3.1_spec</artifactId>
        <version>1.0.0.Final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.logging</groupId>
        <artifactId>jboss-logging</artifactId>
        <version>3.3.0.Final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.spec.javax.xml.bind</groupId>
        <artifactId>jboss-jaxb-api_2.2_spec</artifactId>
        <version>1.0.4.Final</version>
    </dependency>
    <dependency>
        <groupId>javax.activation</groupId>
        <artifactId>activation</artifactId>
        <version>1.1.1</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.spec.javax.security.jacc</groupId>
        <artifactId>jboss-jacc-api_1.5_spec</artifactId>
        <version>1.0.0.Final</version>
    </dependency>
    <dependency>
        <groupId>org.jboss.spec.javax.resource</groupId>
        <artifactId>jboss-connector-api_1.7_spec</artifactId>
        <version>1.0.0.Final</version>
    </dependency> 

I also added the corresponding modules on src/main/resources/modules

但我还是得到了

 2017-07-07 11:15:08,819 ERROR [org.jboss.security] (default task-3) PBOX00374: Error getting ServerAuthContext for authContextId default-host /Tiles and security domain obbi-auth-id: javax.security.auth.message.AuthException

0 个答案:

没有答案