堆栈内存溢出
  简体   繁体   English

JAAS认证和Jboss EAP 6.1

[英]JAAS Authentification & Jboss EAP 6.1

 原文  2014-06-11 14:54:18       java/ security/ jboss/ jaas

问题描述

im trying to use JAAS to manage authentification on my webservice. 我正在尝试使用JAAS管理我的Web服务上的身份验证。

I had this in my standalone.xml file : 我在standalone.xml文件中有这个: 

<security-domain name="helloworld-webservice-login" cache-type="default">
    <authentication>
    <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/WEB_DS"/>
            <module-option name="principalsQuery" value="select password from s_user where s_user.username=?"/>
            <module-option name="rolesQuery" value="select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?)"/>
            <!-- Remove or Change based on your password encryption technique -->
            <module-option name="hashAlgorithm" value="SHA1"/>
            <module-option name="hashEncoding" value="base64"/>
        </login-module>
    </authentication>
</security-domain>

And this: 和这个: 

@SecurityDomain("helloworld-webservice-login")
@WebContext(authMethod = "BASIC",contextRoot = "*****************", urlPattern = "**************")
public class XXXXXXXXXXXXXXXXmpl implements XXXXXXXXXXXXXX {

    @RolesAllowed("say-hello")  
    public ******** () throws FaultMessage {

And i get this 我明白了 

16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null
16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin
16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4
16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag : optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=password-stacking, value=useFirstPass
16:32:45,667 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,669 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,670 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin
16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,672 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
    at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false
16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
16:32:45,690 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag : optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=password-stacking, value=useFirstPass
16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,694 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin
16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,695 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
    at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
    at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false
16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
:

Somebody has an idea about this problem? 有人对这个问题有想法吗?

Best regards 最好的祝福

1 个解决方案

解决方案1
 0  2014-06-12 12:30:18

I checked it's good. 我检查的很好。 I change import : 我更改导入: 

import org.jboss.annotation.security.SecurityDomain;

to

import org.jboss.ejb3.annotation.SecurityDomain;

now i have 我现在有

11:52:26,028 TRACE [org.jboss.security] ( ******* ) PBOX000354: Setting security roles 11:52:26,028 TRACE [org.jboss.security]( ******* )PBOX000354:设置安全角色 

ThreadLocal: null
11:52:26,073 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null
11:52:26,074 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin
11:52:26,078 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(helloworld-webservice-login), size: 4
11:52:26,092 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(helloworld-webservice-login), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=hashUserPassword, value=true
name=hashCharset, value=UTF-8
name=hashAlgorithm, value=SHA1
name=principalsQuery, value=select password from s_user where s_user.username=?
name=hashEncoding, value=BASE64
name=dsJndiName, value=java:/WEB_DS
name=hashStorePassword, value=false
name=rolesQuery, value=select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?)

11:52:26,100 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
11:52:26,101 DEBUG [org.jboss.security] (***********) PBOX000281: Password hashing activated, algorithm: SHA1, encoding: BASE64, charset: UTF-8, callback: null, storeCallBack: null
11:52:26,102 TRACE [org.jboss.security] (***********) PBOX000262: Module options [dsJndiName: java:/WEB_DS, principalsQuery: select password from s_user where s_user.username=?, rolesQuery: select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?), suspendResume: true]
11:52:26,104 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
11:52:26,124 TRACE [org.jboss.security] (***********) PBOX000263: Executing query select password from s_user where s_user.username=? with username admin
11:52:26,302 TRACE [org.jboss.security] (***********) PBOX000241: End login method, isValid: true
11:52:26,303 TRACE [org.jboss.security] (***********) PBOX000242: Begin commit method, overall result: true
11:52:26,304 TRACE [org.jboss.security] (***********) PBOX000263: Executing query select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?) with username admin
11:52:26,308 TRACE [org.jboss.security] (***********) PBOX000263: Executing query select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?) with username admin
11:52:26,340 TRACE [org.jboss.security] (***********) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@dfafa2, subject: Subject(12381071).principals=org.jboss.security.SimplePrincipal@17637278(admin)org.jboss.security.SimpleGroup@9886549(Roles(members:say-hello))org.jboss.security.SimpleGroup@9886549(CallerPrincipal(members:admin))
11:52:26,342 TRACE [org.jboss.security] (***********) PBOX000207: updateCache, input subject: Subject(12381071).principals=org.jboss.security.SimplePrincipal@17637278(admin)org.jboss.security.SimpleGroup@9886549(Roles(members:say-hello))org.jboss.security.SimpleGroup@9886549(CallerPrincipal(members:admin)), cached subject: Subject(24769803).principals=org.jboss.security.SimplePrincipal@17637278(admin)org.jboss.security.SimpleGroup@9886549(Roles(members:say-hello))org.jboss.security.SimpleGroup@9886549(CallerPrincipal(members:admin))
11:52:26,344 TRACE [org.jboss.security] (***********) PBOX000208: Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@941256
11:52:26,345 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = true
11:52:26,355 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
11:53:11,028 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
11:53:11,039 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@941256
11:53:11,039 TRACE [org.jboss.security] (***********) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@941256, credential class: class java.lang.String
11:53:11,040 TRACE [org.jboss.security] (***********) PBOX000205: End validateCache, result = true
11:53:11,040 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = true
11:53:11,041 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 这个LoginModule出了什么问题? 以及如何使用Jboss EAP 6.1中的JAAS对用户进行身份验证? - What's wrong with this LoginModule? And how to authenticate users with JAAS in Jboss EAP 6.1? jconsole未检测到jboss EAP 6.1 - jconsole not detecting jboss eap 6.1 JBoss EAP 6.1上的Atmosphere和WebSocket - Atmosphere and WebSocket on JBoss EAP 6.1 适用于jBoss EAP 6.1的jBPM 6模块 - jBPM 6 modules for jBoss EAP 6.1 Jboss EAP 6.1中的RestEasy冲突 - RestEasy conflict in Jboss EAP 6.1 HornetQ在Jboss EAP 6.1上的持久性 - HornetQ persistence on Jboss EAP 6.1 JBoss EAP 6.1无法在Eclipse Mars中启动 - JBoss EAP 6.1 does not start in Eclipse Mars ejb bean实例池jboss EAP 6.1 - ejb bean instance pool jboss EAP 6.1 JBoss EAP 6.1连接到WebSphere 7 EJB - JBoss EAP 6.1 connecting to WebSphere 7 EJB JBoss EAP 6.1 的 Infinispan 超时异常 - Infinispan Timeout Exception with JBoss EAP 6.1
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM