我在Payara 4.1 / GlassFish 4.1中遇到RolesAllowed
/ HttpConstraint
时出现问题。我正在使用捆绑在EAR中的EJB和Web模块的应用程序。我用@RolesAllowed和@HttpConstraint注释了几个Servlet,但它们似乎被忽略了。
我已经创建了4个Servlet,我基本上循环遍历RolesAllowed
和HttpConstraint
。前两个使用servlet有DeclareRoles
,最后两个没有。
前两个servlet继承ServletBase
,继承HttpServlet
,而后两个直接继承HttpServlet
。
所有四个servlet的输出都是相同的。我被要求登录,然后是以下内容:
Role 1 No Yes true Role 2 No No false System Administrator No No false
据我所知,request.isUserInRole在servlet中按预期运行,但在JSP中没有。我登录的用户具有角色1。
我不知道我在哪里出错了。我可以使用带有安全性约束的web.xml来完成工作,但注释会让我的生活更轻松。
我也不确定为什么对HttpServletRequest#isUserInRole
的调用在JSP中失败但在servlet中按预期工作。它在servlet中工作是令人鼓舞的,因为它应该表明我正确地设置了我的JDBC领域。那,因为我可以验证罚款。
我不知道从哪里开始。
DebugServlet.java
@WebServlet("/Debug")
public class DebugServlet extends HttpServlet
{
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
// TODO Auto-generated method stub
Gson gson = new Gson();
response.getWriter().append(gson.toJson(request.getUserPrincipal()));
response.getWriter().append(" ");
response.getWriter().append(gson.toJson(request.isUserInRole("sysAdmin")));
response.getWriter().append(" ");
response.getWriter().append(gson.toJson(request.isUserInRole("role1")));
response.getWriter().append(" ");
response.getWriter().append(gson.toJson(request.isUserInRole("role2")));
}
}
/调试
{"password":["p","a","s","s","w","o","r","d"],"useCertificate":false,"secCtx":{"SERVER_GENERATED_SECURITY_CONTEXT":false,"initiator":{"name":"username"},"subject":{"principals":[{"name":"username"},{"name":"Role 1"}],"readOnly":false}},"name":"username"} false true false
DebugServlet2.java
@WebServlet("/Debug2")
@RolesAllowed({"sysAdmin"})
@DeclareRoles({"sysAdmin", "role1", "role2"})
public class Debug2 extends ServletBase
{
/**
* Default constructor.
*/
public Debug2()
{
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
request.setAttribute("isRole1", request.isUserInRole("role1"));
request.setAttribute("isRole2", request.isUserInRole("role2"));
request.setAttribute("isSysAdmin", request.isUserInRole("sysAdmin"));
request.getRequestDispatcher("/WEB-INF/debug/index.jsp").forward(request, response);
}
}
/WEB-INF/debug/index.jsp
<body>
<table>
<tr>
<td>Role 1</td>
<td><c:choose>
<c:when test="${request.isUserInRole('role1') == true }">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td><c:choose>
<c:when test="${isRole1== true }">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td>${request.isUserInRole('role1') }</td>
<td>${isRole1 }</td>
</tr>
<tr>
<td>Role 2</td>
<td><c:choose>
<c:when
test="${request.isUserInRole('role2')== true }">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td><c:choose>
<c:when test="${isRole2 == true}">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td>${request.isUserInRole('role2') }</td>
<td>${isRole2 }</td>
</tr>
<tr>
<td>System Administrator</td>
<td><c:choose>
<c:when test="${request.isUserInRole('sysAdmin')== true }">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td><c:choose>
<c:when test="${isSysAdmin == true}">Yes</c:when>
<c:otherwise>No</c:otherwise>
</c:choose></td>
<td>${request.isUserInRole('sysAdmin') }</td>
<td>${isSysAdmin }</td>
</tr>
</table>
</body>
的glassfish-web.xml中
<glassfish-web-app>
<context-root>/slam-web</context-root>
<security-role-mapping>
<role-name>role2</role-name> <!-- GlassFish Name -->
<group-name>Role 2</group-name> <!-- DB Name -->
</security-role-mapping>
<security-role-mapping>
<role-name>role1</role-name> <!-- GlassFish Name -->
<group-name>Role 1</group-name> <!-- DB Name -->
</security-role-mapping>
<security-role-mapping>
<role-name>sysAdmin</role-name> <!-- GlassFish Name -->
<group-name>System Administrator</group-name> <!-- DB Name -->
</security-role-mapping>
</glassfish-web-app>
的web.xml
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" metadata-complete="false" version="3.1">
<display-name>app-web</display-name>
<welcome-file-list>
<welcome-file>Debug</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>app-secure</realm-name>
<form-login-config>
<form-login-page>/Login</form-login-page>
<form-error-page>/401.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>role2</role-name>
</security-role>
<security-role>
<role-name>sysAdmin</role-name>
</security-role>
<security-constraint>
<display-name>Everyone</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<description></description>
<url-pattern>/</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>role1</role-name>
<role-name>role2</role-name>
<role-name>sysAdmin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<display-name>Allow JS and CSS</display-name>
<web-resource-collection>
<web-resource-name>resources</web-resource-name>
<description></description>
<url-pattern>/Debug</url-pattern>
<url-pattern>/Logout</url-pattern>
<url-pattern>/Login</url-pattern>
<url-pattern>*.js</url-pattern>
<url-pattern>*.css</url-pattern>
<url-pattern>*.png</url-pattern>
</web-resource-collection>
</security-constraint>
<error-page>
<error-code>403</error-code>
<location>/WEB-INF/public/403.jsp</location>
</error-page>
</web-app>