【发布时间】:2020-12-12 14:00:27
【问题描述】:
我已经在 jboss7.2 上运行的应用程序的 web.xml 中配置了登录模块
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>newrealm</realm-name>
</login-config>
jboss-web.xml 配置了安全域
<jboss-web>
<security-domain>securitydomain1</security-domain>
</jboss-web>
standalone.xml 配置安全域如下
<security-domain name="RPAHttps" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsusers.properties"/>
<module-option name="rolesProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsroles.properties"/>
<module-option name="defaultUsersProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsusers.properties"/>
<module-option name="defaultRolesProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsroles.properties"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="rfc2617"/>
<module-option name="ignorePasswordCase" value="false"/>
<module-option name="hashStorePassword" value="true"/>
<module-option name="hashUserPassword" value="false"/>
<module-option name="passwordIsA1Hash" value="true"/>
<module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
</login-module>
</authentication>
</security-domain>
我生成了存储在属性文件中的密码,如下所示
D:\jboss7\jboss-eap-7.2\modules\system\layers\base\org\picketbox\main>java -classpath picketbox-5.0.3.Final-redhat-3.jar org.jboss.security.auth.callback.RFC2617Digest TD-ADMIN new_1015 RPAHttpsRealm
RFC2617 A1 hash: cdb6fe455334228532b07355043afcb6
请注意,我在 storeDigestCall 返回模块选项中给出了相同的值。我徒劳地尝试了其他回调类
我收到以下错误,请您帮忙
UG [io.undertow.request.security](默认任务 2)身份验证结果为 NOT_ATTEMPTED,方法 io.undertow.security.impl.CachedAuthenticatedSessionMechanism@234fd496 用于 /rpaws/services/SearchIPAddressPort 03:19:06,161 DEBUG [org.jboss.security](默认任务 2)PBOX00281:密码散列激活,算法:MD5,编码:rfc2617,字符集:null,回调:null,storeCallBack:org.jboss.security.auth .callback.RFC2617摘要 03:19:06,173 调试 [org.jboss.security](默认任务 2)PBOX00283:用户名 TD-ADMIN 的密码错误 03:19:06,173 调试 [org.jboss.security](默认任务 2)PBOX00206:登录失败:javax.security.auth.login.FailedLoginException:PBOX00070:密码无效/需要密码 在 org.picketbox//org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286) 在 org.picketbox//org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171) 在 java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) 在 java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665) 在 java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663) 在 java.base/java.security.AccessController.doPrivileged(本机方法) 在 java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) 在 java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574) 在 org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) 在 org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) 在 org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323) 在 org.picketbox//org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:89) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.digest.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:312) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.digest.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:170) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:268) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在 org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) 在 io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360) 在 io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) 在 org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) 在 org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) 在 org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) 在 org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) 在 java.base/java.lang.Thread.run(Thread.java:834)
03:19:06,175 DEBUG [io.undertow.request.security](默认任务 2)身份验证失败,消息 UT000038:身份验证失败,请求的用户名 'TD-ADMIN' 和 HttpServerExchange 的机制 DIGEST{ POST /rpaws /services/SearchIPAddressPort 请求 {Connection=[Keep-Alive], SOAPAction=[""], Authorization=[Digest username="TD-ADMIN", realm="RPAHttpsRealm", nonce="RFQLuAOrMiANMTU5ODIxOTM0NjE1NGdPOKC+2c1pRogJZwM8eYU=", uri= "/rpaws/services/SearchIPAddressPort", response="a0e500d779a876633b968e0180f3da42", qop=auth, nc=00000001, cnonce="c18eb749fd10230c", algorithm=MD5, opaque="00000000000000000000000, Accept-Encoding=" Content-Type=[text/xml;charset=UTF-8], Content-Length=[652], User-Agent=[Apache-HttpClient/4.5.2 (Java/12.0.1)], Host=[localhost: 8080]} 响应 {Expires=[0], Cache-Control=[no-cache, no-store, must-revalidate], Pragma=[no-cache]}}
【问题讨论】: