0

我正在 WebLogic 10.3 (11G) 上进行 Flex 实现(目前使用 SDK 3.5)。我们最初使用 Glassfish v2.1.1 的问题为零(存在活动目录组查找错误,但它并没有阻碍我们的进展。)因为过渡到 WebLogic,我们遇到了一个问题,即使用 j_security_check 登录后 flexsession 无效:

[BlazeDS]Unexpected error encountered in Message Broker servlet
flex.messaging.LocalizedException: The FlexSession is invalid.
        at flex.messaging.FlexSession.checkValid(FlexSession.java:943)
        at flex.messaging.FlexSession.getUserPrincipal(FlexSession.java:254)
        at flex.messaging.HttpFlexSession.getUserPrincipal(HttpFlexSession.java:286)
        at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:296)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)

我已经尝试了 services-config.xml 中的几乎所有选项:

    <security>
        <login-command class="flex.messaging.security.WeblogicLoginCommand" server="Weblogic"/>
        <!-- Uncomment the correct app server
        <login-command class="flex.messaging.security.TomcatLoginCommand" server="JBoss">
        <login-command class="flex.messaging.security.JRunLoginCommand" server="JRun"/>        
        <login-command class="flex.messaging.security.TomcatLoginCommand" server="Tomcat"/>
        <login-command class="flex.messaging.security.WebSphereLoginCommand" server="WebSphere"/>
        -->
    </security>

我什至完全删除了这部分,但没有运气。从非 BlazeDS 的角度来看,登录功能正常。它正确地对用户进行身份验证。如果没有身份验证,BlazeDS 可以正常工作(任何远程调用都没有错误。)一起失败(每次都无效的 flexsession。)

有没有人有这个工作?有小费吗?

4

1 回答 1

0

修改services-config.xml看起来像
<security auto-config="true" session-fixation-protection="none">
   <login-command class="flex.messaging.security.TomcatLoginCommand" ....

于 2010-07-03T19:46:19.727 回答