0

我正在努力将 Wildfly 12/14 Elytron Ldap 身份验证机制引入我的两个 webapps 应用程序。

虽然我已经按照 Wildfly 文档中的步骤通过 jboss-cli.sh 成功部署了 DirContext、LdapRealm、SecurityDomain 等,但当我<security-domain>在“WEB-INF/jboss-web.xml”中添加标签并启动容器时,我收到以下错误:

    "WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.myApplicationDomain"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.deployment.unit.\"ldapauthentication.war\".component.MemberRegistration.CREATE is missing [jboss.security.security-domain.myApplicationDomain]"]

注意:即使将“standalone.xml”日志级别设置为 TRACE,有关此的唯一信息是上述行。

jboss-cli.sh用于实现 Elytron 安全子系统的顺序命令是:

/subsystem=elytron/dir-context=exampleDC:add(url="ldap://172.17.0.2:389",principal="cn=admin,dc=wildfly,dc=org",credential-reference={clear-text="secret"})
/subsystem=elytron/ldap-realm=exampleLR:add(dir-context=exampleDC,identity-mapping={search-base-dn="ou=Users,dc=wildfly,dc=org",rdn-identifier="uid",user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=wildfly,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=exampleLdapSD:add(realms=[{realm=exampleLR,role-decoder=from-roles-attribute}],default-realm=exampleLR,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=example-ldap-http-auth:add(http-server-mechanism-factory=global,security-domain=exampleLdapSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=myApplicationDomain}]}])
/subsystem=undertow/application-security-domain=myApplicationDomain:add(http-authentication-factory=example-ldap-http-auth)

jboss-web.xml和文件都web.xml定义如下:

jboss-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
  http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">

    <security-domain>myApplicationDomain</security-domain>

</jboss-web>

网页.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
    version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee">

    <display-name>ldapauth</display-name>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>secure</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>Admin</role-name>
        </auth-constraint>
    </security-constraint>

    <security-role>
        <description>Ldap Secured</description>
        <role-name>Admin</role-name>
    </security-role>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>myApplicationDomain</realm-name>
    </login-config>

    <session-config>
        <session-timeout>8</session-timeout>
    </session-config>

    <welcome-file-list>
        <welcome-file>/index.html</welcome-file>
    </welcome-file-list>
</web-app>

我错过了什么?

4

1 回答 1

0

component.MemberRegistration.CREATE (ejb?) 正在使用旧的安全域 jboss.security.security-domain.myApplicationDomain。

您应该在 ejb 子系统中使用定义应用程序安全域(类似于您对 undertow 所做的)来了解应该使用 Elytron 域。

/subsystem=ejb3/application-security-domain=myApplicationDomain:add(security-domain=exampleLdapSD)

于 2019-02-06T15:59:00.687 回答