Glassfish4 : Waffle SSO Servlet筛选器提供基本身份验证登录弹出窗口

Question

我正在尝试在我的应用程序中实现单点登录(使用Waffle's example)，我一直在应用程序服务器的库中跟踪jars：

caffeine-2.8.4.jar
jcl-over-slf4j-2.0.0-alpha1.jar
jna-platform-5.5.0.jar
logback-classic-1.3.0-alpha5.jar
logback-core-1.3.0-alpha5.jar
slf4j-api-2.0.0-alpha1.jar
waffle-tomcat7-2.3.0.jar
waffle-jna-2.3.0.jar

我已经更新了我的web.xml，使其具有适当的安全过滤器：

<!-- SSO -->
    <filter>
      <filter-name>SecurityFilter</filter-name>
      <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>SecurityFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

下一步是，我使用我的域用户名启动应用程序作为服务。到现在为止一切都很好。

现在，当我点击应用程序url时，它会弹出基本的身份验证窗口。当我检查日志时，一切看起来都很好：

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - GET /iFM/desktopNotification_serviceWorker.js, contentlength: -1]]

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:60170]]

[2020-12-10T15:48:38.897+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318897] [levelValue: 800] [[
  15:48:38.897 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - token buffer: 121 byte(s)]]

[2020-12-10T15:48:38.908+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318908] [levelValue: 800] [[
  15:48:38.908 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - continue token: oRswGaADCgEAoxIEEAEAAADBU/5OcoZ2owAAAAA=]]

[2020-12-10T15:48:38.909+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615318909] [levelValue: 800] [[
  15:48:38.908 [http-listener-1(4)] DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - continue required: false]]

[2020-12-10T15:48:39.045+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615319045] [levelValue: 800] [[
  15:48:39.045 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - logged in user: INT\WareyAn (S-1-5-21-746137067-764733703-725345543-1003051)]]

[2020-12-10T15:48:40.843+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615320843] [levelValue: 800] [[
  15:48:40.843 [http-listener-1(4)] DEBUG waffle.servlet.NegotiateSecurityFilter - roles: (**I have removed this info **)

[2020-12-10T15:48:40.843+0000] [glassfish 4.1] [INFO] [] [] [tid: _ThreadID=33 _ThreadName=Thread-9] [timeMillis: 1607615320843] [levelValue: 800] [[
  15:48:40.843 [http-listener-1(4)] INFO waffle.servlet.NegotiateSecurityFilter - successfully logged in user: INT\WareyAn]]

所以看看日志，看起来好像Waffle已经验证了我的身份，但Glassfish仍然不知何故不信任它(通过给我弹出窗口)，你知道出了什么问题吗？任何帮助都将不胜感激。

仅供参考:我的应用程序使用LDAPRealm进行身份验证。

Answer 1

好吧，我自己解决了这个问题，最后它在Glassfish4上起作用了！因为我使用的是servlet过滤器，所以我的web.xml实际上不应该有以下内容(因为它之前是基于表单的登录)：

<security-constraint>
    <display-name>AppSecurity Constraint</display-name>

    <web-resource-collection>
        <web-resource-name>Protected Area (Whole Application)</web-resource-name>
        <url-pattern>/mainUrl/*</url-pattern>
        <url-pattern>/url2/*</url-pattern>
        <url-pattern>/url3/*</url-pattern>
        <url-pattern>/url4/*</url-pattern>
        <url-pattern>/url5/*</url-pattern>
    </web-resource-collection>

    <!-- User must be in role to login. -->
    <auth-constraint>
        <role-name>SomeRoleName</role-name>
    </auth-constraint>
</security-constraint>

移除它后，它开始工作。