我已按照本教程配置了ejbuser
具有密码12345678
和角色的用户appCitas
。我遵循的说明是:
C:\wildfly-14.0.1.Final\bin>jboss-cli.bat 此刻
你已断开连接。键入“connect”以连接到服务器,或键入“help”以获取支持的命令列表。
[断开/]连接[standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=proxyRealm:add(path=proxy-realm-users,relative-to=jboss.server.config.dir)
{"结果" => "成功" }[standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=proxyRealm:add-identity(identity=ejbuser)
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=proxyRealm:set-password(identity=ejbuser,clear={password=12345678})
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=elytron/filesystem-realm=proxyRealm:add-identity-attribute(identity=ejbuser,name=Roles,value=["guest", "appCitas"])
{"结果" = > “成功”}[standalone@localhost:9990 /] /subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=elytron/security-domain=proxySD:add(default-realm=proxyRealm,permission-mapper=default-permission-mapper,realms=[{realm=proxyRealm,role-decoder=from -roles-attribute},{realm=local}])
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=elytron/sasl-authentication-factory=proxy-application-sasl-autentication:add(mechanism-configurations=[{mechanism-name=JBOSS-LOCAL-USER,realm-mapper=local },{mechanism-name=DIGEST-MD5,mechanism-realm-configurations=[{realm-name=proxyRealm}]},{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=proxyRealm}] }],sasl-server-factory=configured,security-domain=proxySD)
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=ejb3/application-security-domain=other:add(security-domain=proxySD)
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=remoting/http-connector=http-remoting-connector:write-attribute(name=sasl-authentication-factory,value=proxy-application-sasl-autentication)
{“结果”= >“成功”,“响应头”=> {“操作要求重新加载”=>真,“进程状态”=>“重新加载要求”}}
在 mi EJB 中,我有
@WebService(
endpointInterface = "es.ssib.otic.test.prototipoEjbCitas.ApiCitasPublico",
name = "ApiCitasEjb")
@RolesAllowed("apiCitas")
@Stateless
public class ApiCitasPublicoImpl
implements ApiCitasPublico {
@Override
public @XmlElement(name = "pacienteCitaResponse", required = true) PacienteCitaResponse getPacienteCita(
@WebParam(name = "datosSolicitante") @XmlElement(required = true) IdPeticion idPaciente) {
...
}
而我jboss-app.xml
的是
<?xml version="1.0" encoding="UTF-8"?>
<jboss-app>
<security-domain>other</security-domain>
</jboss-app>
耳朵正确部署并且它没有显示任何日志问题,但我尝试从 SoapUI 访问一个方法并添加一个基本身份验证,其中:
- 用户名:ejbuser
- 密码:12345678
- 域:我尝试过使用其他 proxySD、proxyRealm 并将其留空
- 抢先验证:我已将“域”的所有上述值与“使用全局首选项”和“抢先验证”结合起来。
在所有情况下,我都会得到一个
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>WFLYEJB0364: Invocation on method: public es.ssib.otic.test.prototipoEjbCitas.beans.PacienteCitaResponse es.ssib.otic.test.prototipoEjbCitas.impl.ApiCitasPublicoImpl.getPacienteCita(es.ssib.otic.test.prototipoEjbCitas.beans.IdPeticion) of bean: ApiCitasPublicoImpl is not allowed</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
如果我删除安全配置,我可以毫无问题地通过 SoapUI 访问。
使用 WildFly 14.0.0.1 Final。
注意:这个问题与我之前的问题有些相关,但是由于我已经重新安装了wildfly并且我已经按照上面提到的教程一步一步地进行操作,所以我认为最好将它作为一个单独的问题发布。
更新
按照@fjuma的回答,我配置了以下内容:
[standalone@localhost:9990 /] /subsystem=elytron/http-authentication-factory=proxy-application-http-authentication:add(http-server-mechanism-factory=global,security-domain=proxySD,mechanism-configurations=[ {mechanism-name=BASIC,mechanims-realm-configuration=[{realm-name=proxyAD}]}])
{"结果" => "成功"}[standalone@localhost:9990 /] /subsystem=undertow/application-security-domain=proxyAD:add(http-authentication-factory=proxy-application-http-authentication)
{"结果" => "成功"}
security-domain
并将in的值更改jboss-app.xml
为proxyAD
,部署耳朵时出现错误:
{
"WFLYCTL0412: 未安装的必需服务:" => ["jboss.security.security-domain.proxyAD"],
"WFLYCTL0180: 缺少/不可用依赖项的服务" => [
"jboss.deployment.subunit.\" prototipoEarCitas-0.0.1-SNAPSHOT.ear\".\"prototipoEjbCitas-0.0.1-SNAPSHOT.jar\".component.ApiCitasPublicoImpl.CREATE 缺失 [jboss.security.security-domain.proxyAD]",
"jboss.ws .endpoint.\"prototipoEarCitas-0.0.1-SNAPSHOT.ear\".\"prototipoEjbCitas-0.0.1-SNAPSHOT.jar\".ApiCitasPublicoImpl 丢失 [jboss.security.security-domain.proxyAD]"
]
}