自定义Glassfish安全领域不起作用(无法找到LoginModule)

时间:2010-12-24 13:50:21

标签: security java-ee glassfish glassfish-3

我正试图在Glassfish中使用自定义安全领域(我尝试了3.0.1 final和3.1 B33)。我阅读了几乎所有关于此的教程,但它并不适用于我的系统。我收到了错误

Login failed: javax.security.auth.login.LoginException: unable to find LoginModule class: com.company.security.realm.CustomLoginModule

尝试登录时。

这是我做的: 我创建了一个小Maven项目,其中包含所需的Realm类CustomRealm和相应的LoginModule,CustomLoginModule。 我的pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.mycompany</groupId>
  <artifactId>security.realm</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>jar</packaging>

  <name>Custom JDBCRealm</name>
  <url>http://maven.apache.org</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>

  <dependencies>
    <dependency>
        <groupId>org.glassfish.security</groupId>
        <artifactId>security</artifactId>
        <version>3.1-b33</version>
    </dependency>
  </dependencies>

  <build>
      <plugins>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <configuration>
                <source>1.6</source>
                <target>1.6</target>
                <optimise>true</optimise>
                <debug>true</debug>
                <encoding>UTF-8</encoding>
            </configuration>
        </plugin>    
      </plugins>
  </build>
</project>

My Custom Realm类:

package com.company.security.realm;

import com.sun.appserv.security.AppservRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import java.util.Enumeration;
import java.util.Properties;
import java.util.Vector;

public class CustomRealm extends AppservRealm
{
    Vector<String> groups = new Vector<String>();

    private String jaasCtxName;

    private String startWith;

    @Override
    public void init(Properties properties)
    throws BadRealmException, NoSuchRealmException {
        jaasCtxName = properties.getProperty("jaas-context", "customRealm");
        startWith = properties.getProperty("startWith", "z");
        groups.add("dummy");
    }

    @Override
    public String getAuthType()
    {
        return "Custom Realm";
    }

    public String[] authenticate(String username, char[] password) 
    {
        // if (isValidLogin(username, password))
        return (String[]) groups.toArray();
    }

    @Override
    public Enumeration getGroupNames(String username) 
    throws InvalidOperationException, NoSuchUserException 
    {
        return groups.elements();
    }

    @Override 
    public String getJAASContext()
    {
        return jaasCtxName;
    }

    public String getStartWith()
    {
        return startWith;
    }
}

我的LoginModule类:

package com.company.security.realm;

import com.sun.appserv.security.AppservPasswordLoginModule;
import com.sun.enterprise.security.auth.login.common.LoginException;
import java.util.Set;
import org.glassfish.security.common.PrincipalImpl;

public class CustomLoginModule extends AppservPasswordLoginModule
{
    @Override
    protected void authenticateUser() throws LoginException
    {
        _logger.info("CustomRealm : authenticateUser for " +  _username);
        final CustomRealm realm = (CustomRealm)_currentRealm;

        if ( (_username == null) || (_username.length() == 0) || !_username.startsWith(realm.getStartWith())) 
            throw new LoginException("Invalid credentials");

        String[] grpList = realm.authenticate(_username, getPasswordChar()); 
        if (grpList == null) { 
            throw new LoginException("User not in groups");
        }

        _logger.info("CustomRealm : authenticateUser for " +  _username);

        Set principals = _subject.getPrincipals();
        principals.add(new PrincipalImpl(_username));

        this.commitUserAuthentication(grpList);

    }

}

我编译了这个Maven项目,并将生成的JAR文件复制到Glassfish / lib目录。然后我用asadmin将安全领域“customRealm”添加到我的Glassfish:

asadmin create-auth-realm 
  --classname com.company.security.realm.CustomRealm 
  --property jaas-context=customRealm:startWith=a customRealm

我还引用了Custom Realm的JAAS上下文的LoginModule类,因此我将其插入到我的域的login.conf中:

customRealm {
  com.company.security.realm.CustomLoginModule required;
};

虽然这个LoginModule应该在Glassfish类路径上,因为它的classfile打包在我放入Glassfish / lib-dir的JAR中,当我尝试登录时找不到它。对于登录,我构建了一个简单的JSF项目,它调用Servlet 3.0的HttpServletRequest-login-method。 尝试登录时,我收到以下异常:

2010-12-24T14:41:31.613+0100|WARNING|glassfish3.0.1|
javax.enterprise.system.container.web.com.sun.web.security|_ThreadID=25;
_ThreadName=Thread-1;|Web login failed: Login failed: 
javax.security.auth.login.LoginException: unable to find LoginModule class:
com.company.security.realm.CustomLoginModule

任何人都知道我可以做什么,Glassfish加载LoginModule类?

2 个答案:

答案 0 :(得分:8)

知道了。似乎较新的Glassfish版本要求将Security Realm和LoginModule打包为OSGi模块,然后将其复制到glassfish/modules

因此,我更改了我的pom.xml以创建一个OSGi包,其中包含CustomRealm和CustomLoginModule。

这是:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.mycompany</groupId>
    <artifactId>security.realm</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>bundle</packaging>

    <name>Custom JDBCRealm OSGi</name>
    <url>http://maven.apache.org</url>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.glassfish.security</groupId>
            <artifactId>security</artifactId>
            <version>3.1-b33</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.6</source>
                    <target>1.6</target>
                    <optimise>true</optimise>
                    <debug>true</debug>
                    <encoding>UTF-8</encoding>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.felix</groupId>
                <artifactId>maven-bundle-plugin</artifactId>
                <extensions>true</extensions>
                <configuration>
                    <instructions>
                        <Export-Package>
                            ${project.groupId}.${project.artifactId};version=${project.version}
                        </Export-Package>
                        <Import-Package>
                            com.sun.appserv.security,
                            org.glassfish.security.common,
                            com.sun.enterprise.security.auth.realm,
                            com.sun.enterprise.security.auth.login.common,
                            java.util,
                            javax.security.auth
                        </Import-Package>
                    </instructions>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

修改

在这里找到了一个很好的额外资源: http://blogs.oracle.com/nithya/entry/modularized_osgi_custom_realms_in ,Realm和它的LoginModule构建为hk2-jar。

答案 1 :(得分:0)

这让我发疯了,我终于破解了在glassfish 3.1中创建一个自定义领域,结果当然它真的很容易。以下文档是关键:http://docs.oracle.com/cd/E18930_01/html/821-2418/beabo.html ...请注意,它与上述答案有所不同。

相关问题
最新问题