Wildfly and JavaEE security configuration with Elytron
I'm trying to become more familiar with Wildfly security configuration and have some problems understanding the relation between options in server-side configs like standalone.xml and application-side configs like web.xml and jboss-web.xml.
I have several questions about this configuration, which was based on the Wildfly servlet security example. I already tried it out and it works, but several things are not clear to me.
Here is the JBoss CLI configuration script
# 1. Add the JDBC security realm creation
/subsystem=elytron/jdbc-realm=servlet-security-jdbc-realm:add(\
principal-query=[\
{sql="SELECT PASSWORD FROM USERS WHERE USERNAME = ?", data-source="MySQLDS", clear-password-mapper={password-index=1}},\
{sql="SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?", data-source="MySQLDS", attribute-mapping=[{index=1, to=roles}]}])
# 2. Add a simple role decoder for the "roles" attribute mapping
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=roles)
# 3. Configure the servlet-security-quickstart security domain
/subsystem=elytron/security-domain=servlet-security-quickstart-sd:add(\
default-realm=servlet-security-jdbc-realm, \
realms=[{realm=servlet-security-jdbc-realm, role-decoder=from-roles-attribute}], \
permission-mapper=default-permission-mapper)
# 4. Configure the HTTP Authentication Factory
/subsystem=elytron/http-authentication-factory=servlet-security-quickstart-http-auth:add(\
http-server-mechanism-factory=global,\
security-domain=servlet-security-quickstart-sd,\
mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=RealmUsersRoles}]}])
# 5. Configure Undertow's application security domain
/subsystem=undertow/application-security-domain=servlet-security-quickstart:add(\
http-authentication-factory=servlet-security-quickstart-http-auth)
web.xml
<?xml version="1.0"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>RealmUsersRoles</realm-name>
</login-config>
</web-app>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>servlet-security-quickstart</security-domain>
</jboss-web>
Here is a link to the Wildfly example I use as a base: https://github.com/wildfly/quickstart/tree/master/servlet-security
Here is all my code based on this example, with some modifications: https://github.com/usharik/GeekBrainsJavaEE/tree/master/lesson8-security
web.xml: it is only displayed in the browser on 401 Unauthorized (the WWW-Authenticate header). If the realm name is configured in web.xml it is used, otherwise the one from the server config is used.
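The chain the question asks about, and the realm-name rule stated in the answer above, as an added example (not code from the post or from WildFly): a Python check that follows jboss-web.xml to the Undertow application-security-domain, then to the Elytron http-authentication-factory and security domain. The inputs are constructed, abbreviated copies of the question's files, and the helper names and regex-based CLI parsing are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the question's files, with each CLI command abbreviated to one line.
CLI = """\
/subsystem=elytron/security-domain=servlet-security-quickstart-sd:add(default-realm=servlet-security-jdbc-realm)
/subsystem=elytron/http-authentication-factory=servlet-security-quickstart-http-auth:add(security-domain=servlet-security-quickstart-sd,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=RealmUsersRoles}]}])
/subsystem=undertow/application-security-domain=servlet-security-quickstart:add(http-authentication-factory=servlet-security-quickstart-http-auth)
"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><login-config>
<auth-method>BASIC</auth-method><realm-name>RealmUsersRoles</realm-name></login-config></web-app>"""
JBOSS_WEB_XML = "<jboss-web><security-domain>servlet-security-quickstart</security-domain></jboss-web>"

def resources(cli, subsystem, kind):
    """Map resource name -> raw attribute text of each matching :add(...) command."""
    return dict(re.findall(rf"/subsystem={subsystem}/{kind}=([\w.-]+):add\((.*)\)", cli))

def attr(raw, key):
    m = re.search(rf"(?<![\w-]){key}=([\w.-]+)", raw)
    return m.group(1) if m else None

def text(xml, tag):
    """Text of the first element with this local name (namespace ignored), else None."""
    for el in ET.fromstring(xml).iter():
        if el.tag.rsplit("}", 1)[-1] == tag:
            return (el.text or "").strip() or None

def trace(cli, web_xml, jboss_web_xml):
    """Follow jboss-web.xml -> Undertow -> Elytron and report each broken link."""
    out = {"problems": []}
    app_domain = text(jboss_web_xml, "security-domain")
    undertow = resources(cli, "undertow", "application-security-domain")
    if app_domain not in undertow:
        out["problems"].append(f"no Undertow application-security-domain {app_domain!r}")
        return out
    out["factory"] = attr(undertow[app_domain], "http-authentication-factory")
    raw = resources(cli, "elytron", "http-authentication-factory").get(out["factory"])
    if raw is None:
        out["problems"].append(f"no http-authentication-factory {out['factory']!r}")
        return out
    out["elytron_domain"] = attr(raw, "security-domain")
    if out["elytron_domain"] not in resources(cli, "elytron", "security-domain"):
        out["problems"].append(f"no Elytron security-domain {out['elytron_domain']!r}")
    method = text(web_xml, "auth-method")
    if method not in re.findall(r"mechanism-name=([\w-]+)", raw):
        out["problems"].append(f"auth-method {method!r} is not offered by the factory")
    # Per the answer above: the web.xml realm name is used if present, else the server's.
    out["challenge_realm"] = text(web_xml, "realm-name") or attr(raw, "realm-name")
    return out
```

Calling `trace(CLI, WEB_XML, JBOSS_WEB_XML)` on the question's configuration returns an empty `problems` list; a typo in the jboss-web.xml domain name or an `auth-method` the factory does not list shows up as an entry there.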