JAAS logout does not work for custom login module

In my Java EE application running on a WildFly 9 server, I have a custom login module:

public class MyLoginModule extends AbstractServerLoginModule {

    private Principal identity;

    @Override
    public boolean login() throws LoginException {
        // do something
        identity = new SimplePrincipal("test");
        subject.getPrincipals().add(identity);
        // do something else
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        subject.getPrincipals().remove(identity);
        return true;
    }
}

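The login method works as expected. But it is not the same with the logout method. When I write something like request.getSession(false).invalidate(); in a Servlet or a web service, the logout method is never called.

Here are my configuration files:

web.xml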

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">

    <display-name>customer-area</display-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted resources</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <role-name>*</role-name>
    </security-role>

    <login-config>
        <auth-method>MY-AUTH</auth-method>
    </login-config>

</web-app>

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/MySecurityDomain</security-domain>
</jboss-web>

standalone.xml

<security-domain name="MySecurityDomain" cache-type="default">
    <authentication>
        <login-module code="mypackage.MyLoginModule" flag="required"/>
    </authentication>
</security-domain>

ServletExtension class:

public class MyServletExtension implements ServletExtension {

    @Override
    public void handleDeployment(final DeploymentInfo deploymentInfo, ServletContext servletContext) {

        deploymentInfo.addAuthenticationMechanism("MY-AUTH", new AuthenticationMechanismFactory() {
            @Override
            public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String, String> properties) {
                return new MyAuthenticationMechanism();
            }
        });
    }
}

AuthenticationMechanism class:

public class MyAuthenticationMechanism implements AuthenticationMechanism {

    @Override
    public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) {

        PasswordCredential credential = new PasswordCredential(new char[] {});
        Account account = identityManager.verify("test", credential);
        if (account != null) {
            return AUTHENTICATED;
        } else {
            return NOT_AUTHENTICATED;
        }
    }
}

What did I miss?

request.logout() allows reaching MyLoginModule.logout(). I should have found it myself!
