[英]JAAS logout does not work for custom login module
在我在WildFly 9服务器上运行的Java EE应用程序中,我有一个自定义登录模块:
public class MyLoginModule extends AbstractServerLoginModule {
private Principal identity;
@Override
public boolean login() throws LoginException {
// do something
identity = new SimplePrincipal("test");
subject.getPrincipals().add(identity);
// do something else
return true;
}
@Override
public boolean logout() throws LoginException {
subject.getPrincipals().remove(identity);
return true;
}
}
login
方法按预期工作。 但它与logout
方法不一样。 当我写一些像request.getSession(false).invalidate();
从Servlet
或Web服务, logout
方法是神经紧张。
这是我的配置文件:
web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>customer-area</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>*</role-name>
</security-role>
<login-config>
<auth-method>MY-AUTH</auth-method>
</login-config>
</web-app>
的jboss-web.xml中
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/MySecurityDomain</security-domain>
</jboss-web>
standalone.xml
<security-domain name="MySecurityDomain" cache-type="default">
<authentication>
<login-module code="mypackage.MyLoginModule" flag="required"/>
</authentication>
</security-domain>
ServletExtension
类:
public class MyServletExtension implements ServletExtension {
@Override
public void handleDeployment(final DeploymentInfo deploymentInfo, ServletContext servletContext) {
deploymentInfo.addAuthenticationMechanism("MY-AUTH", new AuthenticationMechanismFactory() {
@Override
public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String, String> properties) {
return new MyAuthenticationMechanism();
}
});
}
}
AuthenticationMechanism
类:
public class MyAuthenticationMechanism implements AuthenticationMechanism {
@Override
public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {
PasswordCredential credential = new PasswordCredential(new char[] {});
Account account = identityManager.verify("test", credential);
if (account != null) {
return AUTHENTICATED;
} else {
return NOT_AUTHENTICATED;
}
}
}
我错过了什么 ?
允许到达MyLoginModule.logout()
是request.logout()
。 我应该自己找到它!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.