0

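I've set up a JDBC realm in JBoss to handle user authentication/authorization in a web application. I'm not getting any error messages, but authorization fails for both test users and I'm struggling to understand why.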

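The project is the result of pulling together forum posts on JDBC security realms on JBoss and Tomcat, so it's entirely possible that I've missed something, but I can't see the wood for the trees any more.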

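The relevant sections of Standalone.xml (the JBoss management console shows the database connection and pool as OK, so I know the driver is installed correctly):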

<datasource jndi-name="java:jboss/datasources/MySqlDS" pool-name="MySqlDS">
    <connection-url>jdbc:mysql://localhost:3306/securitytest</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <driver>com.mysql</driver>
    <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
    <pool>
        <min-pool-size>10</min-pool-size>
        <max-pool-size>100</max-pool-size>
        <prefill>true</prefill>
    </pool>
    <security>
        <user-name>jboss_as</user-name>
        <password>test</password>
    </security>
    <statement>
        <prepared-statement-cache-size>32</prepared-statement-cache-size>
        <share-prepared-statements>true</share-prepared-statements>
    </statement>
</datasource>
<drivers>
    <driver name="h2" module="com.h2database.h2">
        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
    </driver>
    <driver name="com.mysql" module="com.mysql">
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
    </driver>
</drivers>
....
<security-domain name="JDBCRealm" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>
            <module-option name="principalsQuery" value="select user_password from USERS where user_name=?"/>
            <module-option name="rolesQuery" value="select role_name, 'Roles' from  ROLES where user_name=?"/>
        </login-module>
    </authentication>
</security-domain>

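The MySQL test database (securitytest) contains two tables (Users - three columns: ID, username, password; and Roles - three columns: ID, username, role name, group name), which I've populated with "user" and "admin", with "password" as the password. Role_name and group_name are set to the name of the respective user. The entries are in plaintext (currently).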

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">

<!-- Roles -->
<security-role>
    <description>Administrators</description>
    <role-name>admin</role-name>
</security-role>
<security-role>
    <description>Management</description>
    <role-name>mgmt</role-name>
</security-role>

<!--  Resource/role mapping -->
<security-constraint>
    <display-name>Admin Pages</display-name>
    <web-resource-collection>
        <web-resource-name>Protected Admin Area</web-resource-name>
        <description />
        <url-pattern>/admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>For administrators only</description>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <display-name>All Access</display-name>
    <web-resource-collection>
        <web-resource-name>Unprotected User Area</web-resource-name>
        <description>Open access for all users</description>
        <url-pattern>/users/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>HEAD</http-method>
        <http-method>PUT</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<!-- Login prompt -->
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>JDBCRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/loginerror.xhtml</form-error-page>
    </form-login-config>
</login-config>
</web-app>

jboss.xml (in the WEB-INF directory):

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/JDBCRealm</security-domain>
</jboss-web>

And finally, login.xhtml:

<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:p="http://primefaces.prime.com.tr/ui"
xmlns:h="http://java.sun.com/jsf/html">
<h:head>
<title>Login Form</title>
</h:head>
<h:body>
<p:panel header="Login From">
<form method="post" action="j_security_check">
Username: <input type="text" name="j_username" />
Password: <input type="password" name="j_password" />
<br />
<input type="submit" value="Login" />
<input type="reset" value="Reset" />
</form> 

</p:panel>
</h:body>
</html>

If anyone has any ideas I'd be very grateful, as I'm tearing my hair out. I'm sure I've done something stupid, I just can't see it.

Cheers!

4

1 Answer

0

This might help you configure it the right way.

http://middlewaremagic.com/jboss/?p=2187

answered 2014-02-03T07:18:38.563
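
A configuration cross-check for the setup in the question, as an added example that is not part of the original post or of JBoss itself: it verifies that each Database login module's dsJndiName refers to a datasource that is actually defined (JNDI names are case-sensitive) and notes when no hashAlgorithm option is set. The function names and the wrapping `<config>` root element are assumptions made for the example; the sample input is constructed from the fragment quoted in the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the relevant elements from the standalone.xml fragment
# quoted in the question, wrapped in a root element so it parses on its own.
SAMPLE = """<config>
  <datasource jndi-name="java:jboss/datasources/MySqlDS" pool-name="MySqlDS"/>
  <security-domain name="JDBCRealm" cache-type="default">
    <authentication>
      <login-module code="Database" flag="required">
        <module-option name="dsJndiName" value="java:jboss/datasources/MysqlDS"/>
        <module-option name="principalsQuery" value="select user_password from USERS where user_name=?"/>
        <module-option name="rolesQuery" value="select role_name, 'Roles' from  ROLES where user_name=?"/>
      </login-module>
    </authentication>
  </security-domain>
</config>"""


def local(tag):
    """Strip an XML namespace so the check also works on a full standalone.xml."""
    return tag.rsplit("}", 1)[-1]


def check_login_modules(xml_text):
    """Return findings for Database login modules in the given configuration."""
    root = ET.fromstring(xml_text)
    datasources = {e.get("jndi-name") for e in root.iter()
                   if local(e.tag) in ("datasource", "xa-datasource")}
    findings = []
    for dom in (e for e in root.iter() if local(e.tag) == "security-domain"):
        for mod in (e for e in dom.iter() if local(e.tag) == "login-module"):
            if mod.get("code") != "Database":
                continue
            opts = {o.get("name"): o.get("value") for o in mod
                    if local(o.tag) == "module-option"}
            ds = opts.get("dsJndiName")
            if ds not in datasources:
                # JNDI lookups are case-sensitive; flag names differing only by case.
                near = [d for d in datasources if d and ds and d.lower() == ds.lower()]
                hint = f" (differs only in case from '{near[0]}')" if near else ""
                findings.append(f"{dom.get('name')}: dsJndiName '{ds}' matches no datasource{hint}")
            if "hashAlgorithm" not in opts:
                findings.append(f"{dom.get('name')}: no hashAlgorithm option, stored passwords are compared as plaintext")
    return findings


if __name__ == "__main__":
    for finding in check_login_modules(SAMPLE):
        print(finding)
```

Run against the sample, it reports that the login module's datasource name differs only in case from the defined one, and that passwords are compared without hashing.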