文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >wildfly 10数据库登录模块

wildfly 10数据库登录模块
EN

Stack Overflow用户
提问于 2016-09-17 05:43:45
回答 1查看 2.2K关注 0票数 1

我正在尝试让数据库登录模块与Wildfly 10容器中的项目一起工作。

我遵循了这个教程:https://www.examsmyantra.com/article/119/javaee/form-based-login-authentication-in-javaee7-with-wildfly-and-mysql

而且还挺管用的。

我有一个包含EJB模块和Web模块(war)的EAR项目。war不包含EJB,它使用远程查找来访问EJB。

因此,当我访问WAR的受限制部分时,我会被正确地发送到登录表单(j_security_check)。

当我登录时,我可以看到受限制的部分。

即使当我登录servet,检查我是哪个用户,并检查我是否具有指定角色时,它也能正常工作。Servlet代码:

代码语言:javascript
复制
final String username = request.getUserPrincipal().getName();
logger.info("Current username acourding to the WEB: {}", request.getUserPrincipal().getName());
logger.info("User has Role user acourding to the WEB: {}", request.isUserInRole("user"));
logger.info("User has Role admin acourding to the WEB: {}", request.isUserInRole("admin"));

日志:

代码语言:javascript
复制
INFO  [com.example.web.servlet.DatasetServlet] (default task-5) Current username acourding to the WEB: user
INFO  [com.example.web.servlet.DatasetServlet] (default task-5) User has Role user acourding to the WEB: true
INFO  [com.example.web.servlet.DatasetServlet] (default task-5) User has Role admin acourding to the WEB: true
INFO [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user

但是当我像这样进入EJB bean时:

代码语言:javascript
复制
final String dataset = remote.getActiveDataset(); // this is still the servlet (WAR)

EJB:

代码语言:javascript
复制
final String username = this.ejbContext.getCallerPrincipal().getName();

logger.info("Get active dataset for the user: " + username);
logger.info("User has role 'user' {}", this.ejbContext.isCallerInRole("user"));
logger.info("User has role 'admin' {}", this.ejbContext.isCallerInRole("admin"));

我得到了:

代码语言:javascript
复制
Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration

PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class

Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule

完整的日志显示如下:

代码语言:javascript
复制
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO  [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
2016-09-16 22:53:52,724 DEBUG [org.jboss.security] (default task-5) PBOX00293: Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
    at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:106)
    at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:207)
    at org.jboss.as.naming.InitialContext$DefaultInitialContext.lookup(InitialContext.java:235)
    at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:193)
    at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:189)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.getPolicyRegistrationFromJNDI(EJBAuthorizationHelper.java:353)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:170)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
    at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    ...
    at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

2016-09-16 22:53:52,727 DEBUG [org.jboss.security] (default task-5) PBOX00282: Failed to instantiate class Database: java.lang.ClassNotFoundException: Database from [Module "deployment.ear.ear.business-ejb-assignment-SNAPSHOT.jar:main" from Service Module Loader]
    at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
    at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
    at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:326)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
    at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
    at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
    at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
    ...
    at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

2016-09-16 22:53:52,728 DEBUG [org.jboss.security] (default task-5) PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:336)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
    at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
    at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
    at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
    at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
    at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
    at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
    at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
    at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
... 
    at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
    at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
    at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
    at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
    at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
    at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

TRACE [org.jboss.security.audit] (default task-5) [Error]Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, roleName=user, policyRegistration=null}:method=null:ejbMethodInterface=null:ejbName=DatasetEJB:ejbPrincipal=org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@36ebcb:MethodRoles=null:securityRoleReferences=[]:callerSubject=Subject:
    Principal: user
    Principal: Roles(members:user,admin)
    Principal: CallerPrincipal(members:user)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=2.0];Action=authorization;roleRefPermissionCheck=true;Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class;roleName=user;Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;policyRegistration=null;
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO  [com.example.business.remote.DatasetEJB] (default task-5) User has role 'user' false

我不明白为什么。

我的猜测是安全域的配置是正确的,否则war将无法工作。因此,这一定与EJB中缺少的配置有关。

一些附加信息:

在standalone.xml中,我有以下设置:

代码语言:javascript
复制
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
   ...
    <default-security-domain value="jdbcejbrick"/>
    <default-missing-method-permissions-deny-access value="false"/>
    <log-system-exceptions value="true"/>
</subsystem>

代码语言:javascript
复制
<security-domain name="jdbcejbrick" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
            <module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID  = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
            <module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
        </login-module>
    </authentication>
    <authorization>
        <policy-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
            <module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID  = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
            <module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
        </policy-module>
    </authorization>
</security-domain>

我在EJB的src/main/resources/META-INF中有一个jboss-ejb3.xml

代码语言:javascript
复制
<?xml version="1.0"?>

<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns:sec="urn:security" xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd
      http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd
      urn:security urn:security"
  version="3.1" impl-version="2.0">

  <assembly-descriptor>

    <sec:security>
      <ejb-name>*</ejb-name>
      <sec:security-domain>jdbcejbrick</sec:security-domain>
    </sec:security>
  </assembly-descriptor>

</jboss:ejb-jar>

我在EJB的src/main/resources/META-INF中有一个ejb-jar.xml

代码语言:javascript
复制
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar>
  <assembly-descriptor>

    <security-role>
      <role-name>admin</role-name>
    </security-role>

    <security-role>
      <role-name>user</role-name>
    </security-role>
  </assembly-descriptor>
</ejb-jar>

我感觉我真的很接近了,所以请帮帮忙。

jaas
security
containers
wildfly
EN

回答 1

Stack Overflow用户

发布于 2016-09-17 06:02:15

在解释这个问题时,我意识到这是一个策略问题,因为用户名在EJB中已经可以了。

错误“未能实例化类数据库: java.lang.ClassNotFoundException”给了我查看策略模块https://docs.jboss.org/author/display/WFLY10/Security+subsystem+configuration文档的想法

代码语言:javascript
复制
<policy-module code="PermitAll" flag="required">
    <module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
    <module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID  = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
    <module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
</policy-module>

如果Wildfly开发人员曾经阅读过本文,请验证独立配置,并在发生以下情况时记录消息!:D

希望这对某些人有帮助!

票数 2
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/39540500

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档