I need some help configuring JASPIC authentication in Wildfly Swarm. The JASPIC configuration works perfectly in plain Wildfly, but I cannot get it to work with Wildfly Swarm. I always get this error:
2017-07-07 11:15:08,819 ERROR [org.jboss.security] (default task-3) PBOX00374: Error getting ServerAuthContext for authContextId default-host /Tiles and security domain obbi-auth-id: javax.security.auth.message.AuthException
    at org.jboss.security.auth.message.config.JBossServerAuthConfig.getAuthContext(JBossServerAuthConfig.java:169)
    at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:99)
    at org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism.authenticate(JASPICAuthenticationMechanism.java:123)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
    at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
    at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
My working Wildfly standalone configuration is:
<security-domain name="obbi-auth-id">
    <authentication-jaspi>
        <login-module-stack name="authid-loginmodule-stack">
            <login-module code="com.obbi.domain.security.loginmodule.jwt.JWTLoginModule" flag="sufficient" module="com.obbi.domain.security">
                <module-option name="expectedIssuer" value="CN=DI TIS signer"/>
                <module-option name="expectedAudience" value="obbi"/>
                <module-option name="allowedClockSkewInSeconds" value="30"/>
                <module-option name="validateTokenSignature" value="false"/>
                <module-option name="maxFutureValidityInMinutes" value="525600"/>
                <module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks"/>
                <module-option name="keyStorePassword" value="pass123"/>
                <module-option name="validateCertificate" value="false"/>
                <module-option name="loadSystemPrincipals" value="true"/>
                <module-option name="loadSystemPrincipalsEndpoint" value="https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&size=1000&username=%s"/>
                <module-option name="skipAllValidators" value="true"/>
            </login-module>
            <login-module code="com.obbi.domain.security.loginmodule.obbi.obbiLoginModule" flag="sufficient" module="com.obbi.domain.security">
                <module-option name="keyStoreFilePath" value="C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks"/>
                <module-option name="keyStorePassword" value="pass123"/>
                <module-option name="validateCertificate" value="false"/>
                <module-option name="validateTokenExpiry" value="false"/>
                <module-option name="validateTokenSignature" value="false"/>
                <module-option name="loadSystemPrincipals" value="true"/>
                <module-option name="loadSystemPrincipalsEndpoint" value="https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&size=1000&username=%s"/>
            </login-module>
        </login-module-stack>
        <auth-module code="com.obbi.domain.security.JASPICServerAuthModule" flag="required" login-module-stack-ref="authid-loginmodule-stack"/>
    </authentication-jaspi>
</security-domain>
The Wildfly Swarm configuration with which I am trying to mimic the Wildfly standalone configuration above is:
private static SecurityFraction getSecurityFraction1() {
    return new SecurityFraction()
        .securityDomain("obbi-auth-id", sd -> {
            sd.jaspiAuthentication(jaspi -> {
                jaspi.loginModuleStack("authid-loginmodule-stack", stack -> {
                    // First login module of the stack (JWT), mirroring the standalone.xml entry
                    stack.loginModule("com.obbi.domain.security.loginmodule.jwt.JWTLoginModule", value -> {
                        value.code("com.obbi.domain.security.loginmodule.jwt.JWTLoginModule")
                            .flag(Flag.SUFFICIENT)
                            .module("com.obbi.domain.security")
                            .moduleOption("expectedIssuer", "CN=DI TIS signer")
                            .moduleOption("expectedAudience", "obbi")
                            .moduleOption("allowedClockSkewInSeconds", "30")
                            .moduleOption("validateTokenSignature", "false")
                            .moduleOption("maxFutureValidityInMinutes", "525600")
                            .moduleOption("keyStoreFilePath", "C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks")
                            .moduleOption("keyStorePassword", "pass123")
                            .moduleOption("validateCertificate", "false")
                            .moduleOption("loadSystemPrincipals", "true")
                            .moduleOption("loadSystemPrincipalsEndpoint", "https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&size=1000&username=%s")
                            .moduleOption("skipAllValidators", "true");
                    });
                    // Second login module, registered as a sibling of the first on the same stack
                    // (the original snippet nested this call inside the first module's lambda)
                    stack.loginModule("com.obbi.domain.security.loginmodule.obbi.obbiLoginModule", value1 -> {
                        value1.code("com.obbi.domain.security.loginmodule.obbi.obbiLoginModule")
                            .flag(Flag.SUFFICIENT)
                            .module("com.obbi.domain.security")
                            .moduleOption("keyStoreFilePath", "C:/wildfly-10.1.0.Final/standalone/configuration/obbi-token-keystore.jks")
                            .moduleOption("keyStorePassword", "pass123")
                            .moduleOption("validateCertificate", "false")
                            .moduleOption("validateTokenExpiry", "false")
                            .moduleOption("validateTokenSignature", "false")
                            .moduleOption("loadSystemPrincipals", "true")
                            .moduleOption("loadSystemPrincipalsEndpoint", "https://pu.obbi.co.za:4266/di/services/v1/auth-id?page=0&size=1000&username=%s");
                    });
                });
                // The JASPIC server auth module that delegates to the login-module stack above
                jaspi.authModule("com.obbi.domain.security.JASPICServerAuthModule", authModule -> {
                    authModule.code("com.obbi.domain.security.JASPICServerAuthModule")
                        // standalone.xml declares this auth-module with flag="required";
                        // the original snippet had Flag.SUFFICIENT here, which does not match
                        .flag(Flag.REQUIRED)
                        .loginModuleStackRef("authid-loginmodule-stack");
                });
            });
        });
}
In my POM I added all the dependencies corresponding to the module dependencies of plain Wildfly:
<dependency>
    <groupId>org.picketbox</groupId>
    <artifactId>picketbox</artifactId>
    <version>4.9.6.Final</version>
    <type>pom</type>
</dependency>
<dependency>
    <groupId>org.picketbox</groupId>
    <artifactId>picketbox-infinispan</artifactId>
    <version>4.9.6.Final</version>
</dependency>
<dependency>
    <groupId>org.picketbox</groupId>
    <artifactId>picketbox-commons</artifactId>
    <version>1.0.0.final</version>
</dependency>
<dependency>
    <groupId>org.jboss.spec.javax.security.auth.message</groupId>
    <artifactId>jboss-jaspi-api_1.1_spec</artifactId>
    <version>1.0.0.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.security</groupId>
    <artifactId>jbossxacml</artifactId>
    <version>2.0.8.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.spec.javax.servlet</groupId>
    <artifactId>jboss-servlet-api_3.1_spec</artifactId>
    <version>1.0.0.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.logging</groupId>
    <artifactId>jboss-logging</artifactId>
    <version>3.3.0.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.spec.javax.xml.bind</groupId>
    <artifactId>jboss-jaxb-api_2.2_spec</artifactId>
    <version>1.0.4.Final</version>
</dependency>
<dependency>
    <groupId>javax.activation</groupId>
    <artifactId>activation</artifactId>
    <version>1.1.1</version>
</dependency>
<dependency>
    <groupId>org.jboss.spec.javax.security.jacc</groupId>
    <artifactId>jboss-jacc-api_1.5_spec</artifactId>
    <version>1.0.0.Final</version>
</dependency>
<dependency>
    <groupId>org.jboss.spec.javax.resource</groupId>
    <artifactId>jboss-connector-api_1.7_spec</artifactId>
    <version>1.0.0.Final</version>
</dependency>
I also added the corresponding modules under src/main/resources/modules.
But I still get:
2017-07-07 11:15:08,819 ERROR [org.jboss.security] (default task-3) PBOX00374: Error getting ServerAuthContext for authContextId default-host /Tiles and security domain obbi-auth-id: javax.security.auth.message.AuthException