【发布时间】:2014-06-11 14:54:18
【问题描述】:
我正在尝试使用 JAAS 来管理我的网络服务上的身份验证。
我的 standalone.xml 文件中有如下配置:
<!-- Security domain that authenticates callers and loads their roles from a database through the "Database" login module. -->
<!-- NOTE(review): the TRACE output shown on this page reports getAppConfigurationEntry(other) with
     RemotingLoginModule and RealmDirectLoginModule. The Database module configured here does not appear
     in that stack, so the failing login was apparently not evaluated against this domain. Confirm that
     the deployment is really bound to "helloworld-webservice-login". -->
<security-domain name="helloworld-webservice-login" cache-type="default">
<authentication>
<!-- flag="required": this module has to succeed for the overall login to succeed. -->
<login-module code="Database" flag="required">
<!-- JNDI name of the datasource that both queries below are run against. -->
<module-option name="dsJndiName" value="java:/WEB_DS"/>
<!-- Returns the stored password value for the supplied username; the ? placeholder receives the username. -->
<module-option name="principalsQuery" value="select password from s_user where s_user.username=?"/>
<!-- Returns the role names of the user, resolved through group membership (s_user_group, s_group_role);
     the constant 'Roles' is the second column of every row. -->
<module-option name="rolesQuery" value="select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?)"/>
<!-- Remove or Change based on your password encryption technique -->
<!-- The two options below describe how the stored password value was produced: a SHA1 digest, base64 encoded.
     The value in s_user.password has to be in exactly that form, otherwise the comparison fails.
     NOTE(review): as configured this is a plain SHA1 digest with no salt or work factor visible here,
     which is weak protection for stored passwords; prefer a salted, deliberately slow password hash
     if the login module in use supports one (to be confirmed for this server version). -->
<module-option name="hashAlgorithm" value="SHA1"/>
<module-option name="hashEncoding" value="base64"/>
</login-module>
</authentication>
</security-domain>
还有这个:
@SecurityDomain("helloworld-webservice-login")
@WebContext(authMethod = "BASIC",contextRoot = "*****************", urlPattern = "**************")
public class XXXXXXXXXXXXXXXXmpl implements XXXXXXXXXXXXXX {
@RolesAllowed("say-hello")
public ******** () throws FaultMessage {
调用时我得到了以下日志输出:
16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null
16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin
16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4
16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag : optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=password-stacking, value=useFirstPass
16:32:45,667 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,669 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,670 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin
16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,672 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false
16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
16:32:45,690 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4
16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag : optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmDirectLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:
name=password-stacking, value=useFirstPass
16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method
16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method
16:32:45,694 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin
16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method
16:32:45,695 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false
16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null
:
有人知道这个问题吗?
最好的问候
【问题讨论】:
-
您能否检查一下您的 JNDI WEB_DS 凭据是否正确?
-
其实我也不确定,怎么查?