WildFly login module called for every http request

I have written a custom login module for WildFly 10 which works. But the validatePassword method gets called for every HTTP request, even after a successful login. How do I prevent these extra login validations?

package my.company.security;

import java.security.acl.Group;
import java.util.List;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

import my.company.myapp.boundary.UserManager;

public class MyLoginModule extends UsernamePasswordLoginModule {

    private static final String ROLES_GROUP_NAME = "Roles";

    @Override
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    @Override
    protected boolean validatePassword(final String inputPassword, final String expectedPassword) {
        boolean login = false;
        try {
            UserManager userManager = getUserManager();
            System.out.println("call");
            login = userManager.verifyLogin(getUsername(), inputPassword);
        } catch (LoginException e) {
            setValidateError(e);
        }

        return login;
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        UserManager userManager = getUserManager();
        try {
            List<String> roles = userManager.getUserRoleNames(getUsername());
            SimpleGroup group = new SimpleGroup(ROLES_GROUP_NAME);

            for (String role : roles) {
                group.addMember(new SimplePrincipal(role));
            }
            return new Group[] { group };
        } catch (RuntimeException e) {
            throw new LoginException(e.getMessage());
        }
    }

    private UserManager getUserManager() throws LoginException {
        UserManager userManager;
        try {
            userManager = (UserManager) new InitialContext().lookup("java:global/myapp/UserManager");
        } catch (NamingException e) {
            throw new LoginException(e.getMessage());
        }
        return userManager;
    }

}

For JBoss / WildFly there are two options for caching in login modules: default and infinispan. If there is no cache specified then there will be no caching. For example, in the default standalone.xml file the other security domain is defined as:

 <security-domain name="other" cache-type="default">
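
Applied to the custom login module from the question, the setting would look like the fragment below. This is an added example, not part of the original question or answer; the domain name `my-domain` and the `required` flag are assumptions, and only one of the two definitions would exist in a real standalone.xml.

```xml
<!-- Added example: "my-domain" is a hypothetical security domain name. -->

<!-- Before: no cache-type attribute, so nothing is cached and
     MyLoginModule.validatePassword() runs on every request. -->
<security-domain name="my-domain">
    <authentication>
        <login-module code="my.company.security.MyLoginModule" flag="required"/>
    </authentication>
</security-domain>

<!-- After: cache-type="default" caches the authenticated principal,
     so the login module is consulted only when no cache entry matches. -->
<security-domain name="my-domain" cache-type="default">
    <authentication>
        <login-module code="my.company.security.MyLoginModule" flag="required"/>
    </authentication>
</security-domain>
```

A cached authentication is reused until its entry is evicted, so a password change or a disabled account in the user store is not seen by the server before then.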
