CustomAuthenticationMechanism 在调用 identityStoreHandler.validate 后获得 none callerGroups
CustomAuthenticationMechanism obtains none callerGroups after called identityStoreHandler.validate
我正在尝试创建自定义身份验证。
当我
我制作了一个简单的 identityStore,它使用 rols AF_ADMIN 和 AF_USER.
将每个用户验证为访客
登录时调用 CustomAuthenticationMechanism,但 idStoreHandler 的 CredentialValidationResult 没有调用者组。
所以 Login-public.xhtml 说我没有 AF_ADMIN 角色。
我错过了什么吗?
CustomAuthenticationMechanism
@AutoApplySession
@LoginToContinue
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject
private IdentityStoreHandler idStoreHandler;
//@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
final String ticket = request.getParameter("ticket");
if (ticket != null) {
CredentialValidationResult result = idStoreHandler.validate(new UsernamePasswordCredential(ticket, Arrays.toString("LOGIN_PASSWORD")));
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(result);
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
}
登录-public.xhtml
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
登录-private.xhtml
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
MyLoginIdentityStory
@ApplicationScoped
public class MyLoginIdentityStore implements IdentityStore {
private static final Logger log = LoggerFactory.getLogger(LoginIBIdentityStore.class);
public static final String USER = "user";
@Inject
HttpServletRequest request;
@Inject
UsuariServiceable userSvc;
@Override
public int priority() {
return 1;
}
@Override
public Set<ValidationType> validationTypes() {
return EnumSet.of(ValidationType.VALIDATE);
}
public CredentialValidationResult validate(UsernamePasswordCredential credential) {
return new CredentialValidationResult("guest", new HashSet<>(Arrays.asList("AF_ADMIN","AF_USER")));
}
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
return IdentityStore.super.getCallerGroups(validationResult);
}
}
web.xml
...
<security-constraint>
<display-name>app_public</display-name>
<web-resource-collection>
<web-resource-name>app_public</web-resource-name>
<url-pattern>/error.xhtml</url-pattern>
<url-pattern>/login</url-pattern>
<url-pattern>/login.xhtml</url-pattern>
<url-pattern>/login-public.xhtml</url-pattern>
<url-pattern>/resources/**</url-pattern>
<url-pattern>/javax.faces.resource/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>app</display-name>
<web-resource-collection>
<web-resource-name>accfor_auth</web-resource-name>
<description>paginas que requieren autentificacion</description>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Acceso a accfor</description>
<role-name>AF_ADMIN</role-name>
</auth-constraint>
</security-constraint>
...
默认 validationTypes() 方法 return VALIDATE 和 PROVIDE_GROUPS.
问题是重写的验证类型方法仅 return 验证并且不 return 提供组。
@Override
public Set<ValidationType> validationTypes() {
return EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS);
}
我正在尝试创建自定义身份验证。 当我 我制作了一个简单的 identityStore,它使用 rols AF_ADMIN 和 AF_USER.
将每个用户验证为访客登录时调用 CustomAuthenticationMechanism,但 idStoreHandler 的 CredentialValidationResult 没有调用者组。 所以 Login-public.xhtml 说我没有 AF_ADMIN 角色。
我错过了什么吗?
CustomAuthenticationMechanism
@AutoApplySession
@LoginToContinue
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject
private IdentityStoreHandler idStoreHandler;
//@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
final String ticket = request.getParameter("ticket");
if (ticket != null) {
CredentialValidationResult result = idStoreHandler.validate(new UsernamePasswordCredential(ticket, Arrays.toString("LOGIN_PASSWORD")));
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(result);
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
}
登录-public.xhtml
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
登录-private.xhtml
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
MyLoginIdentityStory
@ApplicationScoped
public class MyLoginIdentityStore implements IdentityStore {
private static final Logger log = LoggerFactory.getLogger(LoginIBIdentityStore.class);
public static final String USER = "user";
@Inject
HttpServletRequest request;
@Inject
UsuariServiceable userSvc;
@Override
public int priority() {
return 1;
}
@Override
public Set<ValidationType> validationTypes() {
return EnumSet.of(ValidationType.VALIDATE);
}
public CredentialValidationResult validate(UsernamePasswordCredential credential) {
return new CredentialValidationResult("guest", new HashSet<>(Arrays.asList("AF_ADMIN","AF_USER")));
}
@Override
public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
return IdentityStore.super.getCallerGroups(validationResult);
}
}
web.xml
...
<security-constraint>
<display-name>app_public</display-name>
<web-resource-collection>
<web-resource-name>app_public</web-resource-name>
<url-pattern>/error.xhtml</url-pattern>
<url-pattern>/login</url-pattern>
<url-pattern>/login.xhtml</url-pattern>
<url-pattern>/login-public.xhtml</url-pattern>
<url-pattern>/resources/**</url-pattern>
<url-pattern>/javax.faces.resource/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<display-name>app</display-name>
<web-resource-collection>
<web-resource-name>accfor_auth</web-resource-name>
<description>paginas que requieren autentificacion</description>
<url-pattern>/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<description>Acceso a accfor</description>
<role-name>AF_ADMIN</role-name>
</auth-constraint>
</security-constraint>
...
默认 validationTypes() 方法 return VALIDATE 和 PROVIDE_GROUPS.
问题是重写的验证类型方法仅 return 验证并且不 return 提供组。
@Override
public Set<ValidationType> validationTypes() {
return EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS);
}