Jakarta EE 8 中的自定义 FORM 身份验证:身份验证后无法离开登录页面
Custom FORM authentication in Jakarta EE 8: can't leave login page after authentication
- Java 11
- 雅加达 EE 8
- 野蝇 20
我决定尝试一下我在 BalusC 的书 The Definitive Guide To JSF in Java 中看到的来自 Java EE Security 的新身份验证机制,称为“Custom FORM”身份验证=] EE 8.
我创建了一个简单的应用程序来测试它,但它不工作。问题是身份验证成功后,我没有重定向到欢迎页面,而是保留在登录页面中。好像应用程序没有识别出我已通过身份验证。
这些是相关文件的相关部分:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<display-name>autenticacao-visao</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allowed</web-resource-name>
<url-pattern>/templates/*</url-pattern>
<url-pattern>/resources/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-role>
<role-name>USER</role-name>
</security-role>
<welcome-file-list>
<welcome-file>start.xhtml</welcome-file>
</welcome-file-list>
</web-app>
UserAuthenticator.java(执行简单的身份验证)
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.annotation.FacesConfig;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(
loginPage = "/login.xhtml",
errorPage = ""
)
)
@FacesConfig
@ApplicationScoped
public class UserAuthenticator implements IdentityStore
{
@Override
public CredentialValidationResult validate(Credential credencial)
{
String name = ((UsernamePasswordCredential) credencial).getCaller();
return new CredentialValidationResult(new CallerPrincipal(name), Set.of("USER"));
}
}
PagLogin(CDI bean)
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotBlank;
@RequestScoped
@Named
public class PagLogin
{
private String _userName;
private String _password;
@Inject
private FacesContext _facesContext;
@Inject
private ExternalContext _externalContext;
@Inject
private SecurityContext _securityContext;
@NotBlank(message = "User name is required.")
public String getUserName()
{
return _userName;
}
public void setUserName(String userName)
{
_userName = userName;
}
@NotBlank(message = "Password is required.")
public String getPassword()
{
return _password;
}
public void setPassword(String password)
{
_password = password;
}
public String authenticateUser() throws IOException
{
AuthenticationStatus result = executeUserAuthentication();
if (result == AuthenticationStatus.SUCCESS)
{
// It really passes here, but I'm not redirected to the start
// page. I keep in the login page.
return "/start?faces-redirect=true";
}
else if (result == AuthenticationStatus.SEND_CONTINUE)
{
_facesContext.responseComplete();
}
else if (result == AuthenticationStatus.SEND_FAILURE)
{
_facesContext.addMessage(null, new FacesMessage(
FacesMessage.SEVERITY_ERROR, "Invalid user name and/or password.", null));
}
return null;
}
private AuthenticationStatus executeUserAuthentication()
{
return _securityContext.authenticate(
(HttpServletRequest) _externalContext.getRequest(),
(HttpServletResponse) _externalContext.getResponse(),
AuthenticationParameters.withParams().credential(
new UsernamePasswordCredential(_userName, _password))
);
}
}
login.xhtml(JSF登录页面)
<ui:composition template="/templates/layout.xhtml"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:au="http://desenvolvimento.br/autenticacao">
<ui:define name="titulo">
Login
</ui:define>
<ui:define name="conteudo">
<au:erros />
<div id="campos">
<h:outputLabel value="User name:" for="userName" />
<h:inputText id="userName" value="#{pagLogin.userName}" />
<h:outputLabel value="Password:" for="password" />
<h:inputSecret id="password" value="#{pagLogin.password}" />
<h:commandButton value="Enter" action="#{pagLogin.authenticateUser}" />
</div>
</ui:define>
</ui:composition>
但是当我点击 Enter 按钮时,我看到我真的得到了一个 AuthenticationStatus.SUCCESS,但是我没有重定向到 start.xhtml 页面,即使我尝试在浏览器地址栏中手动更改它。它让我重定向到登录页面。
在 AuthenticationStatus result = executeUserAuthentication(); 之后,如果我输入此代码:
boolean authenticated = ((HttpServletRequest) _externalContext.getRequest()).getUserPrincipal() != null;
变量authenticated是true。
也许只是少了一点东西,但我不知道是什么。
更新 1
我注意到我在登录后在应用程序服务器日志中也收到此警告:
16:57:47,217 WARN [org.jboss.weld.Servlet] (default task-2) WELD-000717: Unable to deactivate context org.jboss.weld.module.web.context.http.LazyHttpConversationContextImpl@56a54798 when destroying request HttpServletRequestImpl [ POST /autenticacao/login.xhtml ]
不知道跟问题有没有关系
怀念过去,在 <login-config><login-config>web.xml 时,一切都很复杂,在 j_security_check 时,一切都很丑陋,但 WORKED .
更新 2
我找到了解决方法。看看评论。
更新 3
Sylvain Autran 在这里创建了一个最小的工作示例:
他正在使用版本 201 和 2020.2 的 Payara 5 来执行他的示例。因此,我决定克隆并执行其在 Wildfly 20 中使用 @CustomFormAuthenticationMechanismDefinition 的示例。当我单击登录页面中的 Submit 按钮时,出现此错误,一个 NullPointerException 在 JSF 实现中:
16:20:40,350 WARNING [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-1) #{login.submit}: java.lang.NullPointerException: javax.faces.FacesException: #{login.submit}: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:96)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UICommand.broadcast(UICommand.java:222)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create[=16=](SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access[=16=]0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
... 58 more
Caused by: java.lang.NullPointerException
at deployment.jakartasecurity.war//org.example.view.Login.submit(Login.java:51)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
... 59 more
16:20:40,355 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jakartasecurity/login.xhtml: javax.servlet.ServletException: java.lang.NullPointerException
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:725)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create[=16=](SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access[=16=]0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UICommand.broadcast(UICommand.java:222)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
... 50 more
Caused by: java.lang.NullPointerException
at deployment.jakartasecurity.war//org.example.view.Login.submit(Login.java:51)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
... 59 more
所以,这似乎是 Wildfly 20 中的问题,而不是应用程序中的问题。
我决定再试一次 @CustomFormAuthenticationMechanismDefinition 注释。
我创建了一个 app 目录并将 start.xhtml 放在里面。
web.xml 文件的相关部分现在如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<display-name>autenticacao-visao</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>restrict</web-resource-name>
<url-pattern>/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allowed</web-resource-name>
<url-pattern>/app/resources/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-role>
<role-name>USER</role-name>
</security-role>
<welcome-file-list>
<welcome-file>app/start.xhtml</welcome-file>
</welcome-file-list>
</web-app>
之后,出于某种原因,应用程序终于 成功了 ,我可以离开 登录 页面和 start 显示页面。
现在我面临另一个小问题:
On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS
- Java 11
- 雅加达 EE 8
- 野蝇 20
我决定尝试一下我在 BalusC 的书 The Definitive Guide To JSF in Java 中看到的来自 Java EE Security 的新身份验证机制,称为“Custom FORM”身份验证=] EE 8.
我创建了一个简单的应用程序来测试它,但它不工作。问题是身份验证成功后,我没有重定向到欢迎页面,而是保留在登录页面中。好像应用程序没有识别出我已通过身份验证。
这些是相关文件的相关部分:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<display-name>autenticacao-visao</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>restricted</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allowed</web-resource-name>
<url-pattern>/templates/*</url-pattern>
<url-pattern>/resources/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-role>
<role-name>USER</role-name>
</security-role>
<welcome-file-list>
<welcome-file>start.xhtml</welcome-file>
</welcome-file-list>
</web-app>
UserAuthenticator.java(执行简单的身份验证)
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
import javax.faces.annotation.FacesConfig;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.LoginToContinue;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(
loginPage = "/login.xhtml",
errorPage = ""
)
)
@FacesConfig
@ApplicationScoped
public class UserAuthenticator implements IdentityStore
{
@Override
public CredentialValidationResult validate(Credential credencial)
{
String name = ((UsernamePasswordCredential) credencial).getCaller();
return new CredentialValidationResult(new CallerPrincipal(name), Set.of("USER"));
}
}
PagLogin(CDI bean)
import java.io.IOException;
import javax.enterprise.context.RequestScoped;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.SecurityContext;
import javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotBlank;
@RequestScoped
@Named
public class PagLogin
{
private String _userName;
private String _password;
@Inject
private FacesContext _facesContext;
@Inject
private ExternalContext _externalContext;
@Inject
private SecurityContext _securityContext;
@NotBlank(message = "User name is required.")
public String getUserName()
{
return _userName;
}
public void setUserName(String userName)
{
_userName = userName;
}
@NotBlank(message = "Password is required.")
public String getPassword()
{
return _password;
}
public void setPassword(String password)
{
_password = password;
}
public String authenticateUser() throws IOException
{
AuthenticationStatus result = executeUserAuthentication();
if (result == AuthenticationStatus.SUCCESS)
{
// It really passes here, but I'm not redirected to the start
// page. I keep in the login page.
return "/start?faces-redirect=true";
}
else if (result == AuthenticationStatus.SEND_CONTINUE)
{
_facesContext.responseComplete();
}
else if (result == AuthenticationStatus.SEND_FAILURE)
{
_facesContext.addMessage(null, new FacesMessage(
FacesMessage.SEVERITY_ERROR, "Invalid user name and/or password.", null));
}
return null;
}
private AuthenticationStatus executeUserAuthentication()
{
return _securityContext.authenticate(
(HttpServletRequest) _externalContext.getRequest(),
(HttpServletResponse) _externalContext.getResponse(),
AuthenticationParameters.withParams().credential(
new UsernamePasswordCredential(_userName, _password))
);
}
}
login.xhtml(JSF登录页面)
<ui:composition template="/templates/layout.xhtml"
xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
xmlns:f="http://xmlns.jcp.org/jsf/core"
xmlns:h="http://xmlns.jcp.org/jsf/html"
xmlns:au="http://desenvolvimento.br/autenticacao">
<ui:define name="titulo">
Login
</ui:define>
<ui:define name="conteudo">
<au:erros />
<div id="campos">
<h:outputLabel value="User name:" for="userName" />
<h:inputText id="userName" value="#{pagLogin.userName}" />
<h:outputLabel value="Password:" for="password" />
<h:inputSecret id="password" value="#{pagLogin.password}" />
<h:commandButton value="Enter" action="#{pagLogin.authenticateUser}" />
</div>
</ui:define>
</ui:composition>
但是当我点击 Enter 按钮时,我看到我真的得到了一个 AuthenticationStatus.SUCCESS,但是我没有重定向到 start.xhtml 页面,即使我尝试在浏览器地址栏中手动更改它。它让我重定向到登录页面。
在 AuthenticationStatus result = executeUserAuthentication(); 之后,如果我输入此代码:
boolean authenticated = ((HttpServletRequest) _externalContext.getRequest()).getUserPrincipal() != null;
变量authenticated是true。
也许只是少了一点东西,但我不知道是什么。
更新 1
我注意到我在登录后在应用程序服务器日志中也收到此警告:
16:57:47,217 WARN [org.jboss.weld.Servlet] (default task-2) WELD-000717: Unable to deactivate context org.jboss.weld.module.web.context.http.LazyHttpConversationContextImpl@56a54798 when destroying request HttpServletRequestImpl [ POST /autenticacao/login.xhtml ]
不知道跟问题有没有关系
怀念过去,在 <login-config><login-config>web.xml 时,一切都很复杂,在 j_security_check 时,一切都很丑陋,但 WORKED .
更新 2
我找到了解决方法。看看评论。
更新 3
Sylvain Autran 在这里创建了一个最小的工作示例:
他正在使用版本 201 和 2020.2 的 Payara 5 来执行他的示例。因此,我决定克隆并执行其在 Wildfly 20 中使用 @CustomFormAuthenticationMechanismDefinition 的示例。当我单击登录页面中的 Submit 按钮时,出现此错误,一个 NullPointerException 在 JSF 实现中:
16:20:40,350 WARNING [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-1) #{login.submit}: java.lang.NullPointerException: javax.faces.FacesException: #{login.submit}: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:96)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UICommand.broadcast(UICommand.java:222)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create[=16=](SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access[=16=]0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
... 58 more
Caused by: java.lang.NullPointerException
at deployment.jakartasecurity.war//org.example.view.Login.submit(Login.java:51)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
... 59 more
16:20:40,355 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /jakartasecurity/login.xhtml: javax.servlet.ServletException: java.lang.NullPointerException
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:725)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletChain.handleRequest(ServletChain.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.core@2.1.3.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.core@2.1.3.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:133)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.call(ServletInitialHandler.java:130)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create[=16=](SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow@20.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create[=16=](UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.access[=16=]0(ServletInitialHandler.java:78)
at io.undertow.servlet@2.1.3.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleRequest(ServletInitialHandler.java:99)
at io.undertow.core@2.1.3.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at io.undertow.core@2.1.3.Final//io.undertow.server.HttpServerExchange.run(HttpServerExchange.java:830)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.faces.el.EvaluationException: java.lang.NullPointerException
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UICommand.broadcast(UICommand.java:222)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
at javax.faces.api@3.0.0.SP03//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
at javax.faces.api@3.0.0.SP03//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
... 50 more
Caused by: java.lang.NullPointerException
at deployment.jakartasecurity.war//org.example.view.Login.submit(Login.java:51)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
at org.glassfish.jakarta.el@3.0.3.jbossorg-2//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.core@3.1.4.Final//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
at com.sun.jsf-impl@2.3.9.SP10//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
... 59 more
所以,这似乎是 Wildfly 20 中的问题,而不是应用程序中的问题。
我决定再试一次 @CustomFormAuthenticationMechanismDefinition 注释。
我创建了一个 app 目录并将 start.xhtml 放在里面。
web.xml 文件的相关部分现在如下所示:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd" version="4.0">
<display-name>autenticacao-visao</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>restrict</web-resource-name>
<url-pattern>/app/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>allowed</web-resource-name>
<url-pattern>/app/resources/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-role>
<role-name>USER</role-name>
</security-role>
<welcome-file-list>
<welcome-file>app/start.xhtml</welcome-file>
</welcome-file-list>
</web-app>
之后,出于某种原因,应用程序终于 成功了 ,我可以离开 登录 页面和 start 显示页面。
现在我面临另一个小问题:
On a successful login, SecurityContext.authenticate() returns AuthenticationStatus.SEND_CONTINUE instead of AuthenticationStatus.SUCCESS