[英]WildFly 23.0.2 BASIC authentication not working
I can't understand why the BASIC authentication method isn't working.我不明白为什么 BASIC 身份验证方法不起作用。 I tried to secure a resource on the url api/hello-world (it's the first time) with the HTTP BASIC auth method (code below).我尝试使用 HTTP BASIC auth 方法(下面的代码)保护 url api/hello-world 上的资源(这是第一次)。 But, it's completely not working, the resource is not protected when accessed, and browser shows no login form.但是,它完全不起作用,访问时资源不受保护,浏览器没有显示登录表单。
jboss-web.xml jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd"
version="10.0">
<security-domain>ApplicationDomain</security-domain>
</jboss-web>
web.xml web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
version="4.0"
<security-constraint>
<web-resource-collection>
<web-resource-name>Hello World</web-resource-name>
<url-pattern>/api/hello-world</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>user</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
</web-app>
Testing with Insomnia, the resource results not protected, responding always with 200.用 Insomnia 测试,资源结果不受保护,总是响应 200。
I had the same problem with Wildfly 26.0.1.我对 Wildfly 26.0.1 也有同样的问题。 In older Versions it worked with this configiration in the standalone.xml
(Example from 18.0.1):在较旧的版本中,它在standalone.xml
中使用此配置(18.0.1 中的示例):
<subsystem xmlns="urn:jboss:domain:undertow:10.0" default-security-domain="other">
where other
is the default value in the xsd
.其中other
是xsd
中的默认值。 other
is defined as default security domain in the domain::ejb3
section only, not in undertow. other
仅在domain::ejb3
部分中定义为默认安全域,而不是在 undertow 中。 This might be wrong, but it worked.这可能是错误的,但它确实有效。 In Wildfly 26.0.1 it no longer worked with a similar configuration.在 Wildfly 26.0.1 中,它不再使用类似的配置。
However I got it running by changing the default-security-domain
in the undertow section from other
to ApplicationDomain
.但是,我通过将 undertow 部分中的default-security-domain
从other
更改为ApplicationDomain
来运行它。
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="ApplicationDomain" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
Don't know if this helps in your case, as well.不知道这对您的情况是否也有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.