0

我正在尝试在我的应用程序中实现 SSO(使用Waffle 的示例),我一直在应用服务器的 lib 中跟踪 jar:

caffeine-2.8.4.jar
jcl-over-slf4j-2.0.0-alpha1.jar
jna-platform-5.5.0.jar
logback-classic-1.3.0-alpha5.jar
logback-core-1.3.0-alpha5.jar
slf4j-api-2.0.0-alpha1.jar
waffle-tomcat7-2.3.0.jar
waffle-jna-2.3.0.jar

我已更新我的 web.xml 以具有适当的安全过滤器:

<!-- SSO -->
    <filter>
      <filter-name>SecurityFilter</filter-name>
      <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>SecurityFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

下一步是,我使用我的域用户名将应用程序作为服务启动。到目前为止一切都很好。

现在,当我点击应用程序 url 时,它会给我基本的身份验证弹出窗口。当我检查日志时,一切看起来都很好:

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - GET /iFM/desktopNotification_serviceWorker.js, contentlength: -1]]

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:60170]]

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - token buffer: 121 byte(s)]]

[2020-12-10T15:48:38.908+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318908] [levelValue: 800] [[
  15:48:38.908 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - continue token: oRswGaADCgEAoxIEEAEAAADBU/5OcoZ2owAAAAA=]]

[2020-12-10T15:48:38.909+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318909] [levelValue: 800] [[
  15:48:38.908 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - continue required: false]]

[2020-12-10T15:48:39.045+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615319045] [levelValue: 800] [[
  15:48:39.045 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - logged in user: INT\WareyAn (S-1-5-21-746137067-764733703-725345543-1003051)]]

[2020-12-10T15:48:40.843+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615320843] [levelValue: 800] [[
  15:48:40.843 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - roles: (**I have removed this info **)

[2020-12-10T15:48:40.843+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615320843] [levelValue: 800] [[
  15:48:40.843 [http-listener-1(4)] INFO waffle.servlet.NegotiateSecurityFilter - successfully logged in user: INT\WareyAn]]

所以查看日志,看起来华夫饼已经对我进行了身份验证,但 Glassfish 仍然以某种方式不信任它(通过给我弹出窗口),知道出了什么问题吗?任何帮助将非常感激 。

仅供参考:我的应用程序使用 LDAPRealm 进行身份验证。

4

1 回答 1

0

好的,我自己解决了这个问题,最后它在 Glassfish4 上工作了!!当我使用 servlet 过滤器时,我web.xml实际上不应该有以下内容(因为它之前是基于表单的登录):

<security-constraint>
    <display-name>AppSecurity Constraint</display-name>

    <web-resource-collection>
        <web-resource-name>Protected Area (Whole Application)</web-resource-name>
        <url-pattern>/mainUrl/*</url-pattern>
        <url-pattern>/url2/*</url-pattern>
        <url-pattern>/url3/*</url-pattern>
        <url-pattern>/url4/*</url-pattern>
        <url-pattern>/url5/*</url-pattern>
    </web-resource-collection>

    <!-- User must be in role to login. -->
    <auth-constraint>
        <role-name>SomeRoleName</role-name>
    </auth-constraint>
</security-constraint>

取下它后,它开始工作。

于 2020-12-23T12:33:42.973 回答