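In Wildfly

Time: 2017-10-21 14:24:58

Tags: java security servlets java-ee wildfly

I am trying to run a basic project with a servlet that requires a specific role.

In the standalone.xml configuration file, I added a datasource with a JDBC binding. The datasource contains a table that allows the authentication and authorization defined in a specific security domain that I added in the same file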

 <datasource jndi-name="java:jboss/datasources/TestDS" pool-name="TestDS" enabled="true">
                    <connection-url>jdbc:derby://localhost:1527/JPADB</connection-url>
                    <driver-class>org.apache.derby.jdbc.ClientDriver</driver-class>
                    <driver>derbyclient.jar</driver>
                    <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
                    <pool>
                        <min-pool-size>10</min-pool-size>
                        <max-pool-size>100</max-pool-size>
                        <prefill>true</prefill>
                    </pool>
                    <security>
                        <user-name>user</user-name>
                        <password>passw0rd</password>
                    </security>
                    <statement>
                        <prepared-statement-cache-size>32</prepared-statement-cache-size>
                        <share-prepared-statements>true</share-prepared-statements>
                    </statement>
                </datasource>

...

<security-domains>
                <security-domain name="testDomain" cache-type="default">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:jboss/datasources/TestDS"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </login-module>
                    </authentication>
                    <authorization>
                        <policy-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:jboss/datasources/school"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </policy-module>
                    </authorization>
                </security-domain>

Now I have deployed a Dynamic Web Project and created a jboss-web.xml file in the /WebContent/WEB-INF folder

with this content

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>testDomain</security-domain>
</jboss-web>

and a web.xml file with this content

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">

  <display-name>WebApp</display-name>

  <welcome-file-list>
    <welcome-file>/webappname/index.xhtml</welcome-file>
  </welcome-file-list>


    <!--Defining security constraint for type of roles available--> 
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>administrator</web-resource-name>
      <url-pattern>/webappname/MyServlet/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADMINISTRATOR</role-name>
    </auth-constraint>
  </security-constraint>


  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>school</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
    </form-login-config>
  </login-config>
    <!--Defining type of authentication mechanism-->

  <!--Defining security role-->
  <security-role>
    <role-name>ADMINISTRATOR</role-name>
  </security-role> 

  <security-role>
    <role-name>USER</role-name>
  </security-role> 
  <!--Defining security role-->

  </web-app>

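The server starts without any errors. The problem is that when I try to access the servlet URL http://127.0.0.1:8080/webappname/MyServlet, the page is rendered correctly and no authentication is required.

0 answers:

No answers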
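An added example, not part of the original question or of WildFly: a small checker that applies the Servlet specification's url-pattern rules to the security-constraint posted above. It assumes the application is deployed under the context root /webappname (inferred from the URL in the question); the function names are hypothetical, and the matching is simplified to report any matching constraint rather than selecting the best match.

```python
import xml.etree.ElementTree as ET

NS = {"ee": "http://xmlns.jcp.org/xml/ns/javaee"}

# Constructed sample: the security-constraint from the question, trimmed.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>administrator</web-resource-name>
      <url-pattern>/webappname/MyServlet/*</url-pattern>
      <http-method>POST</http-method>
      <http-method>GET</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>ADMINISTRATOR</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def pattern_matches(pattern, path):
    """Servlet-spec url-pattern match against a context-relative path."""
    if pattern.endswith("/*"):                      # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                    # extension mapping
        return path.endswith(pattern[1:])
    return pattern == "/" or pattern == path        # default or exact mapping

def required_roles(web_xml, context_path, request_uri, method):
    """Roles named by matching constraints, or None if no constraint applies."""
    # The container strips the context path before matching url-patterns.
    if not (request_uri == context_path or request_uri.startswith(context_path + "/")):
        raise ValueError("request is outside this web application")
    path = request_uri[len(context_path):] or "/"
    roles = None
    for sc in ET.fromstring(web_xml).findall("ee:security-constraint", NS):
        for wrc in sc.findall("ee:web-resource-collection", NS):
            patterns = [p.text.strip() for p in wrc.findall("ee:url-pattern", NS)]
            methods = [m.text.strip() for m in wrc.findall("ee:http-method", NS)]
            # Listed http-methods restrict the constraint to those methods only.
            if methods and method not in methods:
                continue
            if any(pattern_matches(p, path) for p in patterns):
                found = [r.text.strip() for r in sc.findall("ee:auth-constraint/ee:role-name", NS)]
                roles = (roles or []) + found
    return roles
```

Under that assumption the request maps to the context-relative path /MyServlet, which the pattern /webappname/MyServlet/* does not match, so no role is demanded. Methods that are not listed (HEAD, for example) fall outside the constraint even when the pattern does match.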