Wildfly自定义登录模块永远不会执行?
[英]Wildfly custom login module never gets executed?
问题描述
I have created a custom login module for my web application running in Wildfly 8.0. 
我为在Wildfly 8.0中运行的Web应用程序创建了自定义登录模块。 Here is the module: 这是模块:
package bmacs.auth;
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
public class BasicLoginModule extends UsernamePasswordLoginModule
{
@Override
protected String getUsersPassword() throws LoginException
{
System.out.println("custom getUsersPassword");
System.out.format("MyLoginModule: authenticating user '%s'\n",
getUsername());
String password = super.getUsername();
password = password.toUpperCase();
return password;
}
@Override
protected boolean validatePassword(String inputPassword,
String expectedPassword)
{
System.out.println("custom validatePassword");
String encryptedInputPassword = (inputPassword == null) ? null
: inputPassword.toUpperCase();
System.out.format(
"Validating that (encrypted) input psw '%s' equals to (encrypted) '%s'\n"
, encryptedInputPassword, expectedPassword);
return true;
}
@Override
protected Group[] getRoleSets() throws LoginException
{
System.out.println("custom getRoleSets");
SimpleGroup group = new SimpleGroup("Roles");
try {
System.out.println("Search here group for user: "+super.getUsername());
group.addMember(new SimplePrincipal("RoleReportEnrollmentViewer"));
} catch (Exception e) {
throw new LoginException("Failed to create group member for " + group);
}
return new Group[] { group };
}
}
Here is my new security domain I added to standalone.xml 这是我添加到standalone.xml中的新安全域
<security-domain name="simple-auth" cache-type="default">
<authentication>
<login-module code="bmacs.auth.BasicLoginModule" flag="required" module="login"/>
</authentication>
</security-domain>
Here is my web app's jboss-web.xml, which references the security domain. 这是我的Web应用程序的jboss-web.xml,它引用了安全域。
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain flushOnSessionInvalidation="true">simple-auth</security-domain>
</jboss-web>
When I try to login (through form authentication J_SECURITY_CHECK), it does nothing. 当我尝试登录时(通过表单身份验证J_SECURITY_CHECK),它什么都不做。 The only thing that shows up in the log is these 2 lines, which isn't much help 日志中唯一显示的是这两行,对您的帮助不大
16:55:09,622 TRACE [org.jboss.security] (default task-9) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c9c352bc, cache entry: null
16:55:09,625 TRACE [org.jboss.security] (default task-9) PBOX000354: Setting security roles ThreadLocal: null
What am I missing? 我想念什么? The System.out.println statements in the custom login never print anything/not being executed. 自定义登录中的System.out.println语句从不打印任何内容/不执行任何操作。
3 个解决方案
解决方案1
0 2015-06-18 08:01:16
Check again the jboss-web.xml. 再次检查jboss-web.xml。 I think that you have to setting the security roles in the xml. 我认为您必须在xml中设置安全角色。 I give you a url that may help 我给你一个URL可能会有所帮助
https://stackoverflow.com/questions/29726261/form-based-authentication-in-wildfly-with-jsf https://stackoverflow.com/questions/29726261/form-based-authentication-in-wildfly-with-jsf
Tell me something if it works for you. 告诉我一些对你有用的东西。
Regards. 问候。
解决方案2
0 2015-07-06 15:39:35
I also had an issue like that recently. 最近我也遇到了类似的问题。 Look at this WildFly bug created by me where you can find a workaround: WFLY-4761 . 查看我创建的此WildFly错误,您可以在其中找到解决方法: WFLY-4761 。 Contact me if you need more help after reading the link. 阅读链接后,如果需要更多帮助,请与我联系。
Edit: As a reaction to comment of Newd I am adding little more description. 编辑:作为对Newd评论的回应,我将添加更多描述。 There is a bug in WildFly 8.2.0 where unchecked exceptions in login modules are eaten. WildFly 8.2.0中存在一个错误,该错误会吞噬登录模块中未经检查的异常。 The workaround is patching picketbox-infinispan-4.0.21.Final.jar by modified class org.jboss.security.authentication.JBossCachedAuthenticationManager where runtime errors in the second part of implementation of defaultLogin method are caught and rethrown wrapped by LoginException. 解决方法是通过修改后的类org.jboss.security.authentication.JBossCachedAuthenticationManager修补picketbox-infinispan-4.0.21.Final.jar,在该类中,DefaultLogin方法实现的第二部分中的运行时错误将被LoginException捕获并重新抛出。 The original question was related to WildFly 8.0 where you have to do the same with older version picketbox-infinispan-4.0.20.Final.jar. 最初的问题与WildFly 8.0有关,您必须在旧版本的Picketbox-infinispan-4.0.20.Final.jar中执行相同的操作。 Please note that the problem can be also caused by unsatisfied module dependencies (WildFly modules have to have their dependencies declared explicitly). 请注意,该问题也可能是由不满足的模块依赖关系引起的(WildFly模块必须明确声明其依赖关系)。
Once you patch the library, errors in your module start appearing in WildFly log file. 修补库后,模块中的错误开始出现在WildFly日志文件中。
解决方案3
0 2016-05-18 08:50:45
you have to use a new authentication mechanism : 您必须使用新的身份验证机制:
Wildfly Custom auth-method Wildfly自定义身份验证方法
you have to create a new class implements wildfly interface and in web.xml login config uses your new configuration ... you can also check in the imported sources class from wildfly : FormAuthenticationMecanism explanations form wildfly 9 but it is the same in wildfly 8 您必须创建一个新的类来实现wildfly接口,并在web.xml中登录配置使用您的新配置...您还可以从wildfly中检查导入的源类:FormAuthenticationMecanism解释了wildfly 9,但在wildfly 8中是相同的
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.