1

我仍在尝试为 Wildfly 9 实现自定义 JASPIC 登录模块。如果登录成功,一切都按预期工作。但如果登录不成功,我希望得到 HTTP 403 响应。所以我写了这个小测试:

@Test
public void invalidCredentials() throws IOException, SAXException {
    try {
        WebConversation webConversation = new WebConversation();
        GetMethodWebRequest request = new GetMethodWebRequest(deployUrl + "LoginServlet");
        request.setParameter("token", "invalid");
        WebResponse response = webConversation.getResponse(request);
        fail("Got " + response.getResponseCode() + " expected 403!");
    } catch (final HttpException e) {
        assertEquals(403, e.getResponseCode());
    }
}

结果是这样的:

Failed tests: 
    JaspicLoginTest.invalidCredentials:114 Got 200 expected 403!

我尝试了这三个选项来结束无效身份验证后validateRequest的方法:ServerAuthModule

return AuthStatus.SEND_FAILURE;
return AuthStatus.FAILURE;
throw new AuthException();

但以上都不会产生身份验证失败 HTTP 响应 (403)。这又是一个 Wildfly 错误吗?还是我必须以其他方式生成此返回码?

4

1 回答 1

1

好的,显然可以采用 MessageInfo 对象并可以执行以下操作:

public AuthStatus validateRequest(MessageInfo messageInfo, 
                                  Subject clientSubject, 
                                  Subject serviceSubject) throws AuthException{
    //Invalid case:
    HttpServletResponse response =
                        (HttpServletResponse) messageInfo.getResponseMessage();
    response.setStatus(HttpServletResponse.SC_FORBIDDEN);
    return AuthStatus.SEND_FAILURE;
}
于 2015-11-18T15:23:42.420 回答