我正在使用有关数据库用户的jboss安全性教程,但我遇到了问题,而且我不知道问题出在哪里。
jboss direcotry中的standalone.xml
<security-domain name="databaseDomain">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/MySqlDS"/>
<module-option name="principalsQuery" value="SELECT password FROM users WHERE username=?"/>
<module-option name="rolesQuery" value="SELECT role, 'Roles' FROM roles WHERE username=?"/>
</login-module>
</authentication>
</security-domain>
我的web.xml
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secret area</web-resource-name>
<url-pattern>/secure</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
</web-app>
jboss web xml
<jboss-web>
<security-domain>databaseDomain</security-domain>
</jboss-web>
的persistence.xml
<persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
<persistence-unit name="Security">
<jta-data-source>java:/MySqlDS</jta-data-source>
<properties>
<property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/>
</properties>
</persistence-unit>
</persistence>
我的实体用户:
@Entity
public class User {
@Id
private String username;
private String password;
@ElementCollection
@CollectionTable(name = "roles", joinColumns = @JoinColumn(name = "username", referencedColumnName = "username"))
@Column(name = "role")
private Set<String> roles = new HashSet<>();
public User(String name, String password, String role) {
this.username = name;
this.password = password;
this.roles.add(role);
}
public User() {
}
...setters and getters
现在让我们开始添加用户并尝试登录....
my database before adding user
现在让我们输入注册表格
现在允许在添加用户后检查数据库,检查表角色和用户
现在让我们尝试登录
即时输入用户和密码,然后重定向到错误页面
这是我在web.xml中使用的安全servlet
@WebServlet("/secure")
public class Secure extends HttpServlet {
private static final long serialVersionUID = 1L;
public Secure() {
}
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
Principal userPrincipal = request.getUserPrincipal();
String name = userPrincipal.getName();
response.getWriter().println("welcome: " + name);
}
}
你能帮忙吗,我做错了什么?