[英]Wildfly (12/14) Elytron - LDAP Security - Missing Dependecies
我正在努力將Wildfly 12/14 Elytron Ldap身份驗證機制引入我的兩個webapp應用程序中。
盡管我已經通過jboss-cli.sh按照Wildfly文檔中的步驟成功部署了DirContext,LdapRealm,SecurityDomain等,但是當我在“ WEB-INF / jboss-web.xml”中添加標記<security-domain>
,並啟動容器,出現以下錯誤:
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.myApplicationDomain"], "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\\"ldapauthentication.war\\".component.MemberRegistration.CREATE is missing [jboss.security.security-domain.myApplicationDomain]"]
注意:即使將“ standalone.xml”日志記錄級別設置為TRACE,關於此的唯一信息也是上述行。
用於實現Elytron安全子系統的jboss-cli.sh
順序命令是:
/subsystem=elytron/dir-context=exampleDC:add(url="ldap://172.17.0.2:389",principal="cn=admin,dc=wildfly,dc=org",credential-reference={clear-text="secret"})
/subsystem=elytron/ldap-realm=exampleLR:add(dir-context=exampleDC,identity-mapping={search-base-dn="ou=Users,dc=wildfly,dc=org",rdn-identifier="uid",user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=wildfly,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=exampleLdapSD:add(realms=[{realm=exampleLR,role-decoder=from-roles-attribute}],default-realm=exampleLR,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=example-ldap-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleLdapSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=myApplicationDomain}]}])
/subsystem=undertow/application-security-domain=myApplicationDomain:add(http-authentication-factory=example-ldap-http-auth)
jboss-web.xml
和web.xml
文件的定義如下:
的jboss-web.xml中:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<security-domain>myApplicationDomain</security-domain>
</jboss-web>
web.xml中:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">
<display-name>ldapauth</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Ldap Secured</description>
<role-name>Admin</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myApplicationDomain</realm-name>
</login-config>
<session-config>
<session-timeout>8</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
</web-app>
我想念什么?
component.MemberRegistration.CREATE(ejb?)使用舊版安全域jboss.security.security-domain.myApplicationDomain。
您應該在ejb子系統中使用define application security domain(定義應用程序安全域)(類似於您對undertow所做的事情),以了解應該使用Elytron域。
/子系統= EJB3 /應用的安全域= myApplicationDomain:添加(安全域= exampleLdapSD)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.