定义 jboss-web.xml 安全域会导致我的 EJB 缺少依赖项
Defining jboss-web.xml security-domain causes missing dependencies for my EJBs
我有一个可以正常工作的 Web 应用程序(一个 .war,其中包含一个带有三个 EJB 的 .jar)。
我通过jboss-cli:
定义了一个LDAP安全域
/subsystem=elytron/dir-context=pepDirContext:add(url="ldap://127.0.0.1:10389",principal="uid=admin,ou=system",credential-reference={clear-text="secret"})
/subsystem=elytron/ldap-realm=pepRealm:add(dir-context=pepDirContext,identity-mapping={search-base-dn="ou=Users,dc=jboss,dc=org",rdn-identifier=uid,user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=jboss,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=pepSD:add(realms=[{realm=pepRealm,role-decoder=from-roles-attribute}],default-realm=pepRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=pep-http-auth:add(http-server-mechanism-factory=global,security-domain=pepSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=pepRealm}]}]
/subsystem=undertow/application-security-domain=pepASD:add(http-authentication-factory=pep-http-auth)
/subsystem=undertow/application-security-domain=pepSD:add(http-authentication-factory=pep-http-auth)
注意:我已经决定两个 "application-security-domain" 作为测试的一部分,理想情况下我只想使用 pepASD。
现在,我将 war 添加到 WEB-INF/jboss-web.xml 文件:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>pepSD</security-domain>
</jboss-web>
当我部署它时,我得到:
14:48:31,347 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.pepSD"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"frontend.war\".component.UsuarioEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.GerenciaEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.FlujoEjb.CREATE is missing [jboss.security.security-domain.pepSD]"
我错过了什么?
我在 Java 11.
上使用 WildFly 18.0.0.1
事实证明,对于 EJB,我需要在 ejb3 子系统中定义一个应用程序安全域:
/subsystem=ejb3/application-security-domain=pepASD:add(security-domain=pepSD)
我需要多尝试一下以检查 ejb3 和 undertow 的 application-security-domain 之间的关系(如果有的话)
我有一个可以正常工作的 Web 应用程序(一个 .war,其中包含一个带有三个 EJB 的 .jar)。
我通过jboss-cli:
定义了一个LDAP安全域/subsystem=elytron/dir-context=pepDirContext:add(url="ldap://127.0.0.1:10389",principal="uid=admin,ou=system",credential-reference={clear-text="secret"})
/subsystem=elytron/ldap-realm=pepRealm:add(dir-context=pepDirContext,identity-mapping={search-base-dn="ou=Users,dc=jboss,dc=org",rdn-identifier=uid,user-password-mapper={from="userPassword"},attribute-mapping=[{filter-base-dn="ou=Roles,dc=jboss,dc=org",filter="(&(objectClass=groupOfNames)(member={1}))",from="cn",to="Roles"}]})
/subsystem=elytron/simple-role-decoder=from-roles-attribute:add(attribute=Roles)
/subsystem=elytron/security-domain=pepSD:add(realms=[{realm=pepRealm,role-decoder=from-roles-attribute}],default-realm=pepRealm,permission-mapper=default-permission-mapper)
/subsystem=elytron/http-authentication-factory=pep-http-auth:add(http-server-mechanism-factory=global,security-domain=pepSD,mechanism-configurations=[{mechanism-name=BASIC,mechanism-realm-configurations=[{realm-name=pepRealm}]}]
/subsystem=undertow/application-security-domain=pepASD:add(http-authentication-factory=pep-http-auth)
/subsystem=undertow/application-security-domain=pepSD:add(http-authentication-factory=pep-http-auth)
注意:我已经决定两个 "application-security-domain" 作为测试的一部分,理想情况下我只想使用 pepASD。
现在,我将 war 添加到 WEB-INF/jboss-web.xml 文件:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>pepSD</security-domain>
</jboss-web>
当我部署它时,我得到:
14:48:31,347 ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("full-replace-deployment") failed - address: ([]) - failure description: {
"WFLYCTL0412: Required services that are not installed:" => ["jboss.security.security-domain.pepSD"],
"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.deployment.unit.\"frontend.war\".component.UsuarioEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.GerenciaEjb.CREATE is missing [jboss.security.security-domain.pepSD]",
"jboss.deployment.unit.\"frontend.war\".component.FlujoEjb.CREATE is missing [jboss.security.security-domain.pepSD]"
我错过了什么?
我在 Java 11.
上使用 WildFly 18.0.0.1事实证明,对于 EJB,我需要在 ejb3 子系统中定义一个应用程序安全域:
/subsystem=ejb3/application-security-domain=pepASD:add(security-domain=pepSD)
我需要多尝试一下以检查 ejb3 和 undertow 的 application-security-domain 之间的关系(如果有的话)