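I have configured WildFly Elytron security on a Thorntail application using project-defaults.yml. However, the application cannot invoke or connect to the remote secured EJB.
Here is the Elytron YAML configuration; I am not sure whether it is configured correctly.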
thorntail:
  elytron:
    sasl-authentication-factories:
      application-sasl-authentication:
        mechanism-configurations:
        - mechanism-name: 'GSSAPI'
        - mechanism-name: 'PLAIN'
        - mechanism-name: 'JBOSS-LOCAL-USER'
        - mechanism-name: 'DIGEST-MD5'
        - mechanism-realm-configurations:
          - realm-name: ApplicationRealm
        security-domain: ApplicationDomain
        sasl-server-factory: configured
    authentication-configurations:
      default:
        security-domain: ApplicationDomain
        sasl-mechanism-selector: 'PLAIN'
    security-domains:
      ApplicationDomain:
        realms:
        - realm: ApplicationRealm
        default-realm: ApplicationRealm
  remoting:
    http-connectors:
      http-remoting-connector:
        sasl-security:
          policy-sasl-policy:
            no-plain-text: false
          include-mechanisms:
          - 'PLAIN'
        sasl-authentication-factory: application-sasl-authentication
        security-realm: ApplicationRealm
        connector-ref: default
  management:
    https:
      port: 9993
    http:
      port: 9990
    security-realms:
      ApplicationRealm:
        jaas-authentication:
          name: AppSecDom
        ssl-server-identity:
          alias: 'alias'
          keystore-provider: PKCS12
          keystore-path: ${javax.net.ssl.keyStore}
          keystore-password: ${javax.net.ssl.keyStorePassword}
This is how I try to connect to the EJB from the client.
public final static AuthenticationContext authenticationContext() throws Exception {
    LOG.info("***********Start AUTHENTICATION*****************.");
    try {
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("#ALL"))
                .useName("username")
                .usePassword("password");
        final AuthenticationContext authCtx = AuthenticationContext.empty()
                .with(MatchRule.ALL, config);
        ContextManager<AuthenticationContext> contextManager = authCtx.getInstanceContextManager();
        contextManager.setThreadDefault(authCtx);
        return contextManager.get();
    } catch (Exception e) {
        LOG.error("Error authentication : " + e);
        throw new Exception(e);
    }
}
The error from the console.
Suppressed: org.jboss.ejb.client.RequestSendFailedException: Destination @ remote+http://127.0.0.1:8080
    at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:104)
    at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:76)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (GSSAPI, JBOSS-LOCAL-USER, GS2-KRB5-PLUS, GS2-KRB5, ANONYMOUS) are supported
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:444)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
    at ...asynchronous invocation...(Unknown Source)
Please help me resolve this, as I am not sure what I need to do next.
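
An added diagnostic, not part of the original post: it extracts the mechanism list from the SaslException above and compares it with the mechanism names in the YAML, showing which configured mechanisms the server never offered and whether any offered mechanism can carry a username and password. The function names and the password-based classification are assumptions of this example.

```python
import re

# Constructed sample: the SaslException line copied from the stack trace above.
SAMPLE_ERROR = (
    "Caused by: javax.security.sasl.SaslException: Authentication failed: "
    "none of the mechanisms presented by the server (GSSAPI, JBOSS-LOCAL-USER, "
    "GS2-KRB5-PLUS, GS2-KRB5, ANONYMOUS) are supported"
)

# Mechanism names listed under application-sasl-authentication in the YAML above.
CONFIGURED = ["GSSAPI", "PLAIN", "JBOSS-LOCAL-USER", "DIGEST-MD5"]

# Assumption of this example: mechanism families that authenticate with a
# username and password. Kerberos (GSSAPI, GS2-KRB5*), JBOSS-LOCAL-USER and
# ANONYMOUS do not.
PASSWORD_BASED = re.compile(r"^(PLAIN|LOGIN|CRAM-MD5|DIGEST-.+|SCRAM-.+)$")


def offered_mechanisms(error_text):
    """Return the mechanisms the server presented, in the order it listed them."""
    match = re.search(r"presented by the server \(([^)]*)\)", error_text)
    if match is None:
        raise ValueError("no server mechanism list found in error text")
    return [name.strip() for name in match.group(1).split(",") if name.strip()]


def compare(error_text, configured):
    """Compare what the server offered with what the configuration names."""
    offered = offered_mechanisms(error_text)
    return {
        "offered": offered,
        # Named in the factory but absent on the wire: the connector is
        # probably not using that factory.
        "configured_not_offered": [m for m in configured if m not in offered],
        "offered_not_configured": [m for m in offered if m not in configured],
        "password_capable_offered": [m for m in offered if PASSWORD_BASED.match(m)],
        # ANONYMOUS on a connector meant for a secured EJB deserves review.
        "anonymous_offered": "ANONYMOUS" in offered,
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE_ERROR, CONFIGURED).items():
        print(f"{key}: {value}")
```
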