How to set authentication on a specific URL in Jboss eap 6.1.0
I am working on a project where I want to apply authentication on a particular URL. Jboss Version: Jboss eap 6.1.0
There is a URL in my application, http://localhost:8080/myApp/monitoring. I want it to ask for a user id and password when a user hits this URL.
Below are the steps that I have done:
Add the following in WEB.XML:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/monitoring</url-pattern>
            <http-method>DELETE</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
jboss-web.xml:
    <jboss-web>
        <security-domain>java:/jaas/other</security-domain>
    </jboss-web>
Then I added a user using the add-user.bat file. But when I hit the URL http://localhost:8080/myApp/monitoring, the server responds with Error Code 302 and the URL redirects to https://localhost/myApp/monitoring
Can anyone please help with this? Thanks in advance.
You have misconfigured the security-constraint element in web.xml.
Try to use the following value:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>All Access</web-resource-name>
            <url-pattern>/monitoring</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
And now some details:
- If you want to protect all HTTP methods accessing the given URL, do not name them in web-resource-collection (otherwise only the named ones are protected).
- If you specify transport-guarantee (with value not equal to NONE), then you de facto request using https (SSL/TLS) instead of http.
- You must provide auth-constraint (with the list of roles to which you grant access) if you don't want to grant access to everyone.
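As an added example (not part of the original question or answer), the Python sketch below audits a web.xml for the three points in the answer above: listed http-method elements, a missing auth-constraint, and a transport-guarantee other than NONE. It goes slightly further by also flagging an empty auth-constraint and roles that are not declared in security-role. The function name audit_web_xml, the finding codes and the condensed sample documents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):  # drop the "{namespace}" prefix so namespaced web.xml files also match
    return tag.rsplit("}", 1)[-1]

def _texts(elem, name):
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]

def audit_web_xml(xml_text):
    """Return (url_patterns, code) findings for each <security-constraint>."""
    root = ET.fromstring(xml_text)
    declared = {r for e in root if _local(e.tag) == "security-role"
                for r in _texts(e, "role-name")}
    findings = []
    for sc in (e for e in root if _local(e.tag) == "security-constraint"):
        urls = ",".join(_texts(sc, "url-pattern"))
        auth = [e for e in sc if _local(e.tag) == "auth-constraint"]
        if _texts(sc, "http-method"):
            # Only the named methods are covered by this constraint.
            findings.append((urls, "METHODS_LISTED"))
        if not auth:
            # Without auth-constraint the container never asks for a login.
            findings.append((urls, "NO_AUTH_CONSTRAINT"))
        elif not _texts(auth[0], "role-name"):
            # Empty auth-constraint: the servlet spec denies all access.
            findings.append((urls, "DENY_ALL"))
        elif any(r != "*" and r not in declared for r in _texts(auth[0], "role-name")):
            findings.append((urls, "UNDECLARED_ROLE"))
        tg = _texts(sc, "transport-guarantee")
        if tg and tg[0] != "NONE":
            # Plain-http requests get redirected (302) to the https port.
            findings.append((urls, "HTTPS_REDIRECT"))
    return findings

# Constructed samples: the page's two web.xml fragments, condensed, in a <web-app> root.
ROLE = "<security-role><role-name>user</role-name></security-role>"
QUESTION = ("<web-app><security-constraint><web-resource-collection>"
            "<url-pattern>/monitoring</url-pattern>"
            "<http-method>GET</http-method><http-method>POST</http-method>"
            "</web-resource-collection><user-data-constraint>"
            "<transport-guarantee>CONFIDENTIAL</transport-guarantee>"
            "</user-data-constraint></security-constraint>" + ROLE + "</web-app>")
ANSWER = ("<web-app><security-constraint><web-resource-collection>"
          "<url-pattern>/monitoring</url-pattern></web-resource-collection>"
          "<auth-constraint><role-name>user</role-name></auth-constraint>"
          "</security-constraint>" + ROLE + "</web-app>")

if __name__ == "__main__":
    print(audit_web_xml(QUESTION), audit_web_xml(ANSWER))
```

The question's configuration yields all three findings the answer describes, while the answer's configuration yields none.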