
WildFly 8.2.1. Database login module results in a "Forbidden" error.

Stack Overflow user
Asked on 2015-11-05 13:52:27
Answers 1, Views 1K, Followers 0, Votes 0

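I'm migrating an application to WildFly and got to the point where I can't log in to the admin section. I use a database login module, and after setting the TRACE log level I see that the queries are executed successfully -- I see some isValid=true lines in the log.

The second column of the roles query returns Roles (no need to dig through the server config to check) :)

If I enter an invalid user or password in the login form, I can see an exception in the log saying there is no such user (correct). My logic is that this can be seen as evidence that the principal and roles queries are correct.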

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin panel</web-resource-name>
        <description>Admin panel</description>
        <url-pattern>/admin/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>aaa</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>aaa</role-name>
</security-role>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        <!--
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        -->
    </form-login-config>
</login-config>

jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/rmwebsite</security-domain>
  <context-root>/</context-root>
</jboss-web>

standalone.xml

<security-domain name="rmwebsite" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/RW_DB"/>
            <module-option name="principalsQuery" value="select password from principal where username = ? and activity = 1"/>
            <module-option name="rolesQuery" value="select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>

What shows up in the log after a login attempt

14:42:42,203 TRACE [org.jboss.security] (default task-11) PBOX000354: Setting security roles ThreadLocal: null
14:42:42,206 TRACE [org.jboss.security] (default task-12) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000209: defaultLogin, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800
14:42:50,510 TRACE [org.jboss.security] (default task-13) PBOX000221: Begin getAppConfigurationEntry(rmwebsite), size: 4
14:42:50,513 TRACE [org.jboss.security] (default task-13) PBOX000224: End getAppConfigurationEntry(rmwebsite), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=select password from principal where username = ? and activity = 1
name=unauthenticatedIdentity, value=guest
name=dsJndiName, value=java:/RW_DB
name=rolesQuery, value=select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?

14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000236: Begin initialize method
14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000237: Saw unauthenticated indentity: guest
14:42:50,517 TRACE [org.jboss.security] (default task-13) PBOX000262: Module options [dsJndiName: java:/RW_DB, principalsQuery: select password from principal where username = ? and activity = 1, rolesQuery: select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?, suspendResume: true]
14:42:50,519 TRACE [org.jboss.security] (default task-13) PBOX000240: Begin login method
14:42:50,553 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select password from principal where username = ? and activity = 1 with username myuser
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000241: End login method, isValid: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000242: Begin commit method, overall result: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,563 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,575 TRACE [org.jboss.security] (default task-13) PBOX000210: defaultLogin, login context: javax.security.auth.login.LoginContext@1acfc77a, subject: Subject(1719716068).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser))
14:42:50,576 TRACE [org.jboss.security] (default task-13) PBOX000207: updateCache, input subject: Subject(1719716068).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser)), cached subject: Subject(1754901421).principals=org.jboss.security.SimplePrincipal@1733036054(myuser)org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser))
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000208: Inserted cache info: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000201: End isValid, result = true
14:42:50,589 TRACE [org.jboss.security] (default task-13) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,591 TRACE [org.jboss.security] (default task-14) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081, credential class: class [C
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000205: End validateCache, result = true
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000201: End isValid, result = true
14:42:50,595 TRACE [org.jboss.security] (default task-14) PBOX000354: Setting security roles ThreadLocal: null
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@eee44800, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@40d62081, credential class: class [C
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000205: End validateCache, result = true
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000201: End isValid, result = true
14:51:39,172 TRACE [org.jboss.security] (default task-15) PBOX000354: Setting security roles ThreadLocal: null

1 Answer

Stack Overflow user

Accepted answer

Posted on 2015-11-06 14:27:14

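Originally, web.xml defined a security role 'admin', which is not among aaa, bbb, ccc, ddd. The result was still "Forbidden" - a 403 error. The auth constraint referred to "*". I changed it to 'aaa' for testing.

The problem seems to be solved after I did the following:

* returned "*" in the auth constraint
* defined security roles for 'aaa', 'bbb', 'ccc' and 'ddd'

Thanks for your answer.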

Votes 0
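The following check is an added example, not code from the question or the answer. It reads the roles the login module granted from the question's PBOX000210 trace line (only `ddd`) and compares them with the `auth-constraint` in web.xml, using the Servlet rule that `*` stands for the roles declared with `<security-role>`; the helper names and the minimal descriptors are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Trimmed from the PBOX000210 line in the question's log.
LOG_LINE = ("PBOX000210: defaultLogin, subject: Subject(1719716068).principals="
            "org.jboss.security.SimplePrincipal@1733036054(myuser)"
            "org.jboss.security.SimpleGroup@1984058353(Roles(members:ddd))"
            "org.jboss.security.SimpleGroup@1984058353(CallerPrincipal(members:myuser))")

def _local(tag):
    """Tag name without an XML namespace, so real web.xml files parse too."""
    return tag.rsplit("}", 1)[-1]

def _role_names(root, parent):
    """All <role-name> values found directly under elements named `parent`."""
    return {r.text.strip() for p in root.iter() if _local(p.tag) == parent
            for r in p if _local(r.tag) == "role-name" and r.text}

def granted_roles(log_line):
    """Roles the login module put into the 'Roles' group, read from the trace line.
    Assumes several members would be comma-separated."""
    m = re.search(r"\(Roles\(members:([^)]*)\)", log_line)
    return {r.strip() for r in m.group(1).split(",") if r.strip()} if m else set()

def is_authorized(web_xml, log_line):
    """True if a granted role satisfies the descriptor's auth-constraint.
    Simplification: all auth-constraints are treated as one (the page has one)."""
    root = ET.fromstring(web_xml)
    required = _role_names(root, "auth-constraint")
    declared = _role_names(root, "security-role")
    # "*" stands for every role declared with <security-role>, nothing more.
    effective = (required - {"*"}) | declared if "*" in required else required
    return bool(effective & granted_roles(log_line))

def make_web_xml(constraint_role, declared):
    """Constructed minimal descriptor with one auth-constraint."""
    roles = "".join(f"<security-role><role-name>{r}</role-name></security-role>"
                    for r in declared)
    return ("<web-app><security-constraint><auth-constraint>"
            f"<role-name>{constraint_role}</role-name>"
            f"</auth-constraint></security-constraint>{roles}</web-app>")

if __name__ == "__main__":
    for role, declared in [("*", ["admin"]), ("aaa", ["aaa"]),
                           ("*", ["aaa", "bbb", "ccc", "ddd"])]:
        ok = is_authorized(make_web_xml(role, declared), LOG_LINE)
        print(role, declared, "->", "allowed" if ok else "403 Forbidden")
```

The three cases correspond to the original descriptor (`*` with only `admin` declared), the descriptor shown in the question (`aaa`), and the configuration the answer ends with; only the last one matches the `ddd` role that authentication actually produced.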
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/33546351
