[英]WildFly login module called for every http request
I have written a custom login module for WildFly 10 which works. 我为WildFly 10编写了一个自定义登录模块,该模块有效。 But the validatePassword method gets called for every http request , even after a successful login.
但是,即使成功登录后,也会为每个http请求调用validatePassword方法 。 How do I prevent these extra login validations?
如何防止这些额外的登录验证?
package my.company.security;
import java.security.acl.Group;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import my.company.myapp.boundary.UserManager;
public class MyLoginModule extends UsernamePasswordLoginModule {
private static final String ROLES_GROUP_NAME = "Roles";
@Override
protected String getUsersPassword() throws LoginException {
return "";
}
@Override
protected boolean validatePassword(final String inputPassword, final String expectedPassword) {
boolean login = false;
try {
UserManager userManager = getUserManager();
System.out.println("call");
login = userManager.verifyLogin(getUsername(), inputPassword);
} catch (LoginException e) {
setValidateError(e);
}
return login;
}
@Override
protected Group[] getRoleSets() throws LoginException {
UserManager userManager = getUserManager();
try {
List<String> roles = userManager.getUserRoleNames(getUsername());
SimpleGroup group = new SimpleGroup(ROLES_GROUP_NAME);
for (String role : roles) {
group.addMember(new SimplePrincipal(role));
}
return new Group[] { group };
} catch (RuntimeException e) {
throw new LoginException(e.getMessage());
}
}
private UserManager getUserManager() throws LoginException {
UserManager userManager;
try {
userManager = (UserManager) new InitialContext().lookup("java:global/myapp/UserManager");
} catch (NamingException e) {
throw new LoginException(e.getMessage());
}
return userManager;
}
}
For JBoss / WildFly there are two options for caching in login modules default and infinispan. 对于JBoss / WildFly,在登录模块default和infinispan中有两个缓存选项。 If there is no cache specified then there will be no caching.
如果没有指定缓存,那么将没有缓存。 For example in the default standalone.xml file the other security domain is defined as:
例如,在默认的standalone.xml文件中,另一个安全域定义为:
<security-domain name="other" cache-type="default">
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.