Wildfly 17 Elytron: server side authentication with classes from EAR

We plan to migrate from Picketbox to Elytron and face the following problem:

With Picketbox a custom login module can use functionality of (or even can reside in) a deployment module (e.g. an EAR in wildfly/standalone/deployments) to implement authentication on the server side:

<subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
        ...
        <security-domain name="MyDomain" cache-type="default">
            <authentication>
                <login-module name="MyLoginModule" code="de.example.wildfly.MyLoginModule" flag="required" module="deployment.de.example.wildfly.login"/>
            </authentication>
        </security-domain>

My first try was to use a custom realm in Elytron. But as far as I understand, a custom realm needs to be a "static" module (meaning it is located under wildfly/modules/...) and thus cannot access "dynamically" deployed modules (see https://developer.jboss.org/message/984198#984198).

<subsystem xmlns="urn:wildfly:elytron:7.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ...
    <security-domains>
        <security-domain name="MyDomain" default-realm="MyRealm" permission-mapper="default-permission-mapper">
            <realm name="MyRealm" role-decoder="from-roles-attribute" />
        </security-domain>
    </security-domains>
    <security-realms>
        ...
        <custom-realm name="MyRealm" module="de.example.wildfly.login" class-name="de.example.wildfly.MyCustomRealm" />

(I omitted some more of the security domain configuration)

When I try to load a Spring context (that is located in an EAR in order to access some custom classes from the EAR) in MyCustomRealm, I get the following error:

org.springframework.beans.factory.access.BootstrapException: Unable to initialize group definition. Group resource name [classpath:applicationContext-appServerBase.xml], factory key [applicationContextEjb]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [applicationContext-appServerBase.xml]; nested exception is java.io.FileNotFoundException: class path resource [applicationContext-appServerBase.xml] cannot be opened because it does not exist

Which is no surprise, because my realm does not depend on the EAR or any JAR from therein, where the application context is located.

How can authentication (specifically for EJB calls) be customized on server side by using classes from a deployment module (EAR) in Elytron?

Maybe https://github.com/AntonYudin/wildfly-securityrealm-ejb is exactly what you are looking for. It creates a SecurityRealm that can be configured with the address of an EJB that's deployed with your application.

The EJB has to be Stateless and must implement the method Map<String, Object> authenticate(String, String) which is called with a username and a password.

I guess you have to return a map that contains all roles and groups the user belongs to or null if the credentials are invalid.
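
An added example (not from the original post and not code from the wildfly-securityrealm-ejb project) of a stateless EJB inside the EAR with the `authenticate` signature described above, verifying the password with a salted PBKDF2 hash and a constant-time comparison. The class name `EarAuthenticatorBean`, the sample account and the `roles` map key are assumptions; the keys the realm actually reads have to be taken from the project itself.

```java
// Added example: class name, sample account and the "roles" key are assumptions.
import java.security.*;
import java.util.*;
import javax.annotation.PostConstruct;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.ejb.Stateless;

@Stateless
public class EarAuthenticatorBean {
    private static final class Account {
        final byte[] salt = new byte[16];
        final byte[] hash;
        final List<String> roles;
        Account(String password, List<String> roles) {
            new SecureRandom().nextBytes(salt);   // fresh random salt per account
            this.hash = pbkdf2(password, salt);   // only the derived hash is kept
            this.roles = roles;
        }
    }
    private final Map<String, Account> accounts = new HashMap<>();
    private Account decoy;

    @PostConstruct
    void init() {
        // Constructed sample account; a real bean would use the EAR's own user store.
        accounts.put("alice", new Account("constructed-sample-password", Arrays.asList("user")));
        decoy = new Account("decoy-never-accepted", Collections.<String>emptyList());
    }

    public Map<String, Object> authenticate(String username, String password) {
        if (username == null || password == null || password.isEmpty()) return null;
        Account known = accounts.get(username);
        // Hash against a decoy for unknown users so both paths take the same time.
        Account target = (known != null) ? known : decoy;
        boolean match = MessageDigest.isEqual(pbkdf2(password, target.salt), target.hash);
        if (known == null || !match) return null;   // invalid credentials
        // Key name "roles" is assumed, not confirmed by the page.
        return Collections.<String, Object>singletonMap("roles", known.roles);
    }

    private static byte[] pbkdf2(String password, byte[] salt) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(
                    new PBEKeySpec(password.toCharArray(), salt, 210_000, 256)).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```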
