How to verify user roles with JAAS and redirect the user to a specific module based on their role

Time: 2019-03-30 14:13:56

Tags: java jsf jdbc jboss jaas

Goal: I have defined 5 roles in web.xml and I need to implement JAAS form-based authentication. I can log in successfully, but the redirect after authentication does not work: I am still on the login page with an error about a wrong username or password. I do not understand how to handle this. Also, a user can have multiple roles, and the user should be able to navigate based on them. I am using JSF, PrimeFaces, Wildfly 10.x, a Maven build structure, MySQL as the database and JAAS.

I have searched online, but no solution has resolved my problem, and I am still trying.

Here is my web.xml

<security-role>
    <description>Administrator</description>
    <role-name>ADMIN</role-name>
</security-role>
<security-role>
    <description>Accounting</description>
    <role-name>ACCOUNTS</role-name>
</security-role>

<security-role>
    <description>HR Management</description>
    <role-name>HR</role-name>
</security-role>

<security-role>
    <description>normal pages</description>
    <role-name>BASIC</role-name>
</security-role>

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>custom-authentication-security</realm-name>
    <form-login-config>
        <form-login-page>/index.xhtml</form-login-page>
        <form-error-page>/index.xhtml?fail=true</form-error-page>
    </form-login-config>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>custom-authentication-security</web-resource-name>
        <url-pattern>/user/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADMIN</role-name>
        <role-name>HR</role-name>
        <role-name>ACCOUNTS</role-name>
        <role-name>BASIC</role-name>
    </auth-constraint>
</security-constraint>

jboss-web.xml is

<jboss-web>
    <security-domain>custom-authentication-security</security-domain>
</jboss-web>

Here is the security domain defined in standalone.xml:

<security-domain name="custom-authentication-security" cache-type="default">
    <authentication>
        <login-module code="com.hotel.security.JAASLoginModule" flag="required">
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="base64"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>

And finally the login() and commit() I wrote in JAASLoginModule:

// Both methods belong to a class implementing javax.security.auth.spi.LoginModule;
// the fields subject, callbackHandler, username, password, succeeded, commitSucceeded,
// debug and LOGGER, and the JAAS*Principal classes, are declared elsewhere in the project.
public boolean login() throws LoginException {
    System.out.println("Login Method Called");

    if (callbackHandler == null) {
        throw new LoginException("Error: no CallbackHandler available " +
            "to garner authentication information from the user");
    }
    // Ask the container for the submitted username and password
    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("username");
    callbacks[1] = new PasswordCallback("password: ", false);

    try {
        callbackHandler.handle(callbacks);
        username = ((NameCallback) callbacks[0]).getName();
        password = ((PasswordCallback) callbacks[1]).getPassword();

        if (debug) {
            LOGGER.debug("Username :" + username);
            LOGGER.debug("Password : " + new String(password));
        }

        if (username == null || password == null) {
            LOGGER.error("Callback handler does not return login data properly");
            throw new LoginException("Callback handler does not return login data properly");
        }
        System.out.println("Username:" + username);
        System.out.println("password:" + new String(password));
        System.out.println("isValidUser:" + isValidUser());

        if (isValidUser()) { // validate user against the database
            succeeded = true;
            return true;
        }

    } catch (IOException e) {
        e.printStackTrace();
    } catch (UnsupportedCallbackException e) {
        e.printStackTrace();
    }

    return false;
}

@Override
public boolean commit() throws LoginException {
    if (!succeeded) {
        return false;
    } else {
        System.out.println("Adding Principals");

        userPrincipal = new JAASUserPrincipal(username);
        if (!subject.getPrincipals().contains(userPrincipal)) {
            subject.getPrincipals().add(userPrincipal);
            LOGGER.debug("User principal added:" + userPrincipal);
        }
        // The clear-text password is kept in the subject as a principal
        passwordPrincipal = new JAASPasswordPrincipal(new String(password));
        if (!subject.getPrincipals().contains(passwordPrincipal)) {
            subject.getPrincipals().add(passwordPrincipal);
            LOGGER.debug("Password principal added: " + passwordPrincipal);
        }

        // populate subject with roles.
        // Every user receives the same fixed list; "ACCOUNT" does not match the
        // "ACCOUNTS" role-name declared in web.xml, and the role principals are added
        // directly to the subject rather than inside a group named "Roles".
        List<String> roles = Arrays.asList(new String[] {"ADMIN", "HR", "ACCOUNT", "BASIC"});
        for (String role : roles) {
            JAASRolePrincipal rolePrincipal = new JAASRolePrincipal(role);
            if (!subject.getPrincipals().contains(rolePrincipal)) {
                System.out.println("Adding role :" + role);
                subject.getPrincipals().add(rolePrincipal);
                LOGGER.debug("Role principal added: " + rolePrincipal);
            }
        }

        SessionManagerBean sessionBean = SessionFactoryImpl.getSessionManagerBean();
        sessionBean.setCurrentCuser(new CUserServiceImpl().getUserByName(username));

        sessionBean.setIsadmin(true);

        sessionBean.setIsuserloggedin(true);
        sessionBean.setUsername(username);
        sessionBean.setPassword(new String(password));

        commitSucceeded = true;

        LOGGER.info("Login subject was successfully populated with principals and roles");

        return true;
    }
}

Now, when I try to access any page using the URL /user/ChangePassword.xhtml, it redirects me to login.xhtml, and when I enter incorrect credentials it returns me to the same page. That is correct. But the URL does not change to /index.xhtml; this is issue 1.

When I enter the correct login ID and password, the URL changes to http://localhost:8080/HotelManager/user/j_security_check and I again get the message "invalid user ID/password".

After a successful login it should redirect to /user/ChangePassword.xhtml. Issue 2

I need to handle the user and redirect him/her to a specific page based on role. Issue 3

Looking for a solution. I hope the experts can help.

Please forgive me if I have not explained the situation properly.

Thanks in advance

0 answers:

No answers
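As an added example (not code from the question or from any answer on this page), here is how a WildFly 10 login module built on PicketBox's `UsernamePasswordLoginModule` hands back per-user roles in the form the container actually checks against `<auth-constraint>`, and how a page can then pick a landing module by role. It assumes a `UserDao` over the MySQL tables with `findPasswordHash` and `findRoles` methods, and the landing-page paths are placeholders; none of these are from the original post.

```java
import java.security.acl.Group;
import java.util.List;

import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

/**
 * Database-backed login module for WildFly/PicketBox. Extending
 * UsernamePasswordLoginModule means the hashAlgorithm/hashEncoding module
 * options from standalone.xml are applied to the submitted password before it
 * is compared with getUsersPassword(), and the module's own commit() stores the
 * groups returned by getRoleSets() in the subject.
 */
public class DbRoleLoginModule extends UsernamePasswordLoginModule {

    /** Assumed DAO (hypothetical): the MySQL lookups used by this example. */
    public interface UserDao {
        String findPasswordHash(String username);   // base64 MD5 hash, or null if unknown
        List<String> findRoles(String username);    // e.g. ["ADMIN", "BASIC"]
    }

    private final UserDao userDao = UserDaoFactory.create(); // assumed factory, not on the page

    @Override
    protected String getUsersPassword() throws LoginException {
        String stored = userDao.findPasswordHash(getUsername());
        if (stored == null) {
            // Unknown user fails exactly like a wrong password: no username enumeration
            throw new FailedLoginException("Invalid username or password");
        }
        return stored;
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        // PicketBox only treats principals inside a Group named "Roles" as roles
        SimpleGroup roles = new SimpleGroup("Roles");
        for (String role : userDao.findRoles(getUsername())) {
            roles.addMember(new SimplePrincipal(role));
        }
        return new Group[] { roles };
    }

    /** Landing page for the authenticated caller, most privileged module first. */
    public static String landingPageFor(HttpServletRequest request) {
        if (request.isUserInRole("ADMIN"))    return "/user/admin/index.xhtml";    // placeholder path
        if (request.isUserInRole("HR"))       return "/user/hr/index.xhtml";       // placeholder path
        if (request.isUserInRole("ACCOUNTS")) return "/user/accounts/index.xhtml"; // placeholder path
        return "/user/ChangePassword.xhtml";
    }
}
```

FORM authentication sends the browser back to the protected URL it originally asked for, and the login module never sees the HTTP request, so `landingPageFor` belongs in a servlet filter on `/user/*` or in the first JSF page's backing bean, not in `commit()`.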