
WildFly 8.2.1. Database login module results in "Forbidden" error

I am migrating an application to WildFly and got to a point where I am not able to log in to the admin part. I use a Database login module and after setting TRACE log level, I see that the queries are executed successfully - I see some isValid=true lines in the log.

The second column of the roles query returns Roles (no need to dig in the server config to check) :)

If I enter an invalid user or password in the login form, I can see an exception in the log saying that there's no such user (correct). My logic is that this can be treated as proof that the principals and roles queries are correct.

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin panel</web-resource-name>
        <description>Admin panel</description>
        <url-pattern>/admin/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>aaa</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>aaa</role-name>
</security-role>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        <!--
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        -->
    </form-login-config>
</login-config>

jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/rmwebsite</security-domain>
  <context-root>/</context-root>
</jboss-web>

standalone.xml

<security-domain name="rmwebsite" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/RW_DB"/>
            <module-option name="principalsQuery" value="select password from principal where username = ? and activity = 1"/>
            <module-option name="rolesQuery" value="select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>

Here is what is shown in the log after attempting to log in

14:42:42,203 TRACE [org.jboss.security] (default task-11) PBOX000354: Setting security roles ThreadLocal: null
14:42:42,206 TRACE [org.jboss.security] (default task-12) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800
14:42:50,510 TRACE [org.jboss.security] (default task-13) PBOX000221: Begin getAppConfigurationEntry(rmwebsite), size: 4
14:42:50,513 TRACE [org.jboss.security] (default task-13) PBOX000224: End getAppConfigurationEntry(rmwebsite), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=select password from principal where username = ? and activity = 1
name=unauthenticatedIdentity, value=guest
name=dsJndiName, value=java:/RW_DB
name=rolesQuery, value=select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?

14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000236: Begin initialize method
14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000237: Saw unauthenticated indentity: guest
14:42:50,517 TRACE [org.jboss.security] (default task-13) PBOX000262: Module options [dsJndiName: java:/RW_DB, principalsQuery: select password from principal where username = ? and activity = 1, rolesQuery: select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?, suspendResume: true]
14:42:50,519 TRACE [org.jboss.security] (default task-13) PBOX000240: Begin login method
14:42:50,553 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select password from principal where username = ? and activity = 1 with username myuser
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000241: End login method, isValid: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000242: Begin commit method, overall result: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,563 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,575 TRACE [org.jboss.security] (default task-13) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@1acfc77a, subject: Subject(1719716068).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser))
14:42:50,576 TRACE [org.jboss.security] (default task-13) PBOX000207: updateCache, input subject: Subject(1719716068).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser)), cached subject: Subject(1754901421).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser))
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000208: Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000201: End isValid, result = true
14:42:50,589 TRACE [org.jboss.security] (default task-13) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,591 TRACE [org.jboss.security] (default task-14) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081, credential class: class [C
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000205: End validateCache, result = true
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000201: End isValid, result = true
14:42:50,595 TRACE [org.jboss.security] (default task-14) PBOX000354: Setting security roles ThreadLocal: null
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081, credential class: class [C
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000205: End validateCache, result = true
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000201: End isValid, result = true
14:51:39,172 TRACE [org.jboss.security] (default task-15) PBOX000354: Setting security roles ThreadLocal: null

Originally the web.xml defined a security role 'admin', which is not in aaa, bbb, ccc, ddd. The result was still 'forbidden' - 403 error. The auth constraint referred to *. I changed it to refer to 'aaa' for testing.

The issue seems to be solved after I did the following:

* returned * back in the auth constraint
* defined security roles for 'aaa', 'bbb', 'ccc' and 'ddd'.

Thanks Franck for your answers.
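The trace above shows login succeeding (isValid: true) with the subject carrying only role ddd, while the constraint asks for aaa, so the 403 is an authorization decision, not an authentication failure. The following Python model of the servlet container's authorization check is an added example written for this page (not the author's code and not WildFly's): it parses a constructed web.xml modelled on the one above and expands the '*' role-name to the declared security-roles, which is why declaring aaa, bbb, ccc and ddd fixed it. The helpers build, pattern_matches and authorize are this example's own names.

```python
import xml.etree.ElementTree as ET
# Constructed web.xml template modelled on the question's (not the author's file): one
# constraint on /admin/*, parameterised by the required role and the declared roles.
WEB_XML = """<web-app>
<security-constraint>
  <web-resource-collection>
    <url-pattern>/admin/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>{role}</role-name></auth-constraint>
</security-constraint>
{declared}
</web-app>"""

def build(required_role, declared_roles):
    decl = "".join(f"<security-role><role-name>{r}</role-name></security-role>" for r in declared_roles)
    return WEB_XML.format(role=required_role, declared=decl)

def pattern_matches(pattern, path):
    """Servlet url-pattern rules used here: exact match, path prefix '/x/*', default '/'."""
    if pattern == "/" or pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return False

def authorize(web_xml, path, method, user_roles):
    """Return 'allowed', 'unauthenticated' or 'forbidden'; user_roles=None means no principal."""
    root = ET.fromstring(web_xml)
    declared = {e.text.strip() for e in root.findall("security-role/role-name")}
    for sc in root.findall("security-constraint"):
        wrc = sc.find("web-resource-collection")
        methods = {m.text.strip() for m in wrc.findall("http-method")}
        if methods and method not in methods:
            continue
        if not any(pattern_matches(p.text.strip(), path) for p in wrc.findall("url-pattern")):
            continue
        ac = sc.find("auth-constraint")
        if ac is None:
            return "allowed"            # only a transport guarantee, no identity check
        if user_roles is None:
            return "unauthenticated"    # FORM auth would redirect to form-login-page
        allowed = set()
        for rn in ac.findall("role-name"):  # '*' means every declared <security-role>
            allowed |= declared if rn.text.strip() == "*" else {rn.text.strip()}
        # login already succeeded (isValid: true); this is where the 403 is decided
        return "allowed" if allowed & set(user_roles) else "forbidden"
    return "allowed"                    # resource not covered by any constraint
```

Because the constraint lists explicit http-methods, a method it does not name (OPTIONS, for instance) falls through as unconstrained; Servlet 3.1's `<deny-uncovered-http-methods/>` exists to close that gap.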
