
How to authenticate users by their role declaratively?

How can Seam be configured to use different security-constraints for different web-resource-collections?

In web.xml I included a section like

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AdminPages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>admin</role-name>
</security-role>

If I omit the configuration above (web.xml), the user is authenticated (only password) using JAAS. I would prefer not to write code for authentication; I really only need to check that the user has the required role (admin).

In Seam this doesn't work as expected. I receive HTTP error code 403 while trying to access the pages in /secure/*

I configured the following in components.xml. This works when web.xml is not changed.

<security:identity jaas-config-name="admins" />

And jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/admins</security-domain>
</jboss-web>

The question is: where do I configure the role?

You have to set up a new security domain on JBoss.

For instance:

<policy>
    <application-policy name="testUsersRoles">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                          flag="required">
                <module-option name="usersProperties">usersb64.properties</module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="hashEncoding">base64</module-option>
                <module-option name="unauthenticatedIdentity">nobody</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>

(at the conf/login-config.xml file of your JBoss instance).

You have more information here: Security on JBoss

UPDATE:

About the "use different security-constraints for different web-resource-collections" part of your question, you can set it by adding a different "security-constraint" for every group of resources to control:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>AdminPages</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>


<security-constraint>
    <web-resource-collection>
        <web-resource-name>CommonUserPages</web-resource-name>
        <url-pattern>/common/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
        <role-name>commonUser</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>admin</role-name>
    <role-name>commonUser</role-name>
</security-role>

Please note that both roles will be extracted by the associated LoginModule at login time. So when your LoginModule authenticates a user, it retrieves the set of roles which this user belongs to.
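As an added illustration (not part of the original answers), the following Python model shows how the container evaluates the declarative constraints above before a request ever reaches Seam: it parses a web.xml fragment constructed from the two security-constraints in this answer and returns the status the container would answer with for a given path, login state and set of roles supplied by the LoginModule. The url-pattern rules follow the Servlet specification (exact, `/prefix/*`, `*.ext`); the web.xml text is constructed here, not taken from a real deployment.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragment carrying the two security-constraints from the answer.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>AdminPages</web-resource-name><url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>CommonUserPages</web-resource-name><url-pattern>/common/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name><role-name>commonUser</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def parse_constraints(xml_text):
    """Collect (url-patterns, allowed roles) from every security-constraint element."""
    constraints = []
    for sc in ET.fromstring(xml_text).findall("security-constraint"):
        patterns = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern")]
        roles = {r.text.strip() for r in sc.findall("auth-constraint/role-name")}
        constraints.append((patterns, roles))
    return constraints

def pattern_matches(pattern, path):
    """Servlet-spec url-pattern rules: path prefix '/x/*', extension '*.ext', else exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path

def decide(constraints, path, authenticated, user_roles):
    """HTTP status the container produces for this request (200, 401 or 403)."""
    allowed = None
    for patterns, roles in constraints:
        if any(pattern_matches(p, path) for p in patterns):
            # Several matching constraints combine to the union of their role names.
            allowed = roles if allowed is None else allowed | roles
    if allowed is None:
        return 200  # resource is not covered by any constraint
    if not authenticated:
        return 401  # the container demands a login first
    # Logged in but holding none of the allowed roles: the 403 seen in the question.
    return 200 if user_roles & allowed else 403
```

The 403 in the question is the last branch: JAAS authenticated the user, but the login module handed the container no role that the matching auth-constraint allows.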

Use a custom Identity with a postAuthenticate method.

<security:identity jaas-config-name="admins" class="my.Identity"/>

Example code:

package my;

public class Identity extends org.jboss.seam.security.Identity {

    private static final long serialVersionUID = 1L;

    @Override
    protected void postAuthenticate() {
        super.postAuthenticate();
        if(isLoggedIn() && !hasRole("admin")) {
            unAuthenticate();
        }
    }
}
