Wildfly 26:java.lang.IllegalArgumentException:javax.security.jacc.api 处的未知处理程序密钥
Wildlfy 26: java.lang.IllegalArgumentException: unknown handler key at javax.security.jacc.api
我正在尝试将整体式应用程序从 Wildfly 23 升级到 Wildfly 26。
最初,应用程序在 standalone.xml
中使用了“jaspitest”的虚拟配置
用于安全的旧配置
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
在 Wildfly 迁移指南的指导下 - Migration Guide
现在在新的 Wildfly 26 配置中这样表示
<application-security-domains>
<application-security-domain name="jaspitest" security-domain="ApplicationDomain" enable-jaspi="false">
</application-security-domain>
</application-security-domains>
完整(已编辑)配置在这里 - https://pastebin.com/kEM5gN3C
Jboss-xml
<jboss-web>
<security-domain>jaspitest</security-domain>
<context-root>/</context-root>
<resource-ref>
<res-ref-name>jsf/ProjectStage</res-ref-name>
<jndi-name>java:/env/jsf/ProjectStage</jndi-name>
</resource-ref>
</jboss-web>
此配置适用于 Web 应用程序上的不安全页面,但尝试使用 JSF 登录页面登录。
它抛出这个致命错误:
10:04:17,518 FATAL [uk.co.xxxxxxx.exception.CustomExceptionHandler] (default task-5) [id=2820080d-1642-45d2-9de7-b1e527262bc7, ip=172.28.0.1, url=/parents/login/, user=null, params={form=form, form:email:input=bruce.taylor@xxxxxxx.co.uk, form:loginWithPassword=********, form:password:input=********, javax.faces.partial.ajax=true, javax.faces.partial.execute=@all, javax.faces.partial.render=login, javax.faces.source=form:loginWithPassword}]: java.lang.IllegalArgumentException: unknown handler key
2022-02-10T10:04:17.520512634Z at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.PolicyContext.getContext(PolicyContext.java:223)
2022-02-10T10:04:17.520519816Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.run(JACC.java:151)
2022-02-10T10:04:17.520523921Z at java.base/java.security.AccessController.doPrivileged(Native Method)
2022-02-10T10:04:17.520527172Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.getFromContext(JACC.java:149)
2022-02-10T10:04:17.520530561Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.getSubject(JACC.java:49)
2022-02-10T10:04:17.520533842Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.spi.impl.ReflectionAndJaccCallerDetailsResolver.getCallerPrincipal(ReflectionAndJaccCallerDetailsResolver.java:33)
2022-02-10T10:04:17.520537741Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.SecurityContextImpl.getCallerPrincipal(SecurityContextImpl.java:55)
2022-02-10T10:04:17.520549561Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.authenticate(Authenticator.java:340)
2022-02-10T10:04:17.520553467Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.authenticateWithFacesContext(Authenticator.java:311)
2022-02-10T10:04:17.520557396Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.loginAndRedirect(Authenticator.java:293)
2022-02-10T10:04:17.520561301Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator$Proxy$_$$_WeldClientProxy.loginAndRedirect(Unknown Source)
2022-02-10T10:04:17.520565505Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.backing.LoginBacking.loginWithPassword(LoginBacking.java:112)
2022-02-10T10:04:17.520569536Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2022-02-10T10:04:17.520574368Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
2022-02-10T10:04:17.520578603Z at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2022-02-10T10:04:17.520582207Z at java.base/java.lang.reflect.Method.invoke(Method.java:566)
2022-02-10T10:04:17.520585425Z at javax.el.api@2.0.0.Final//javax.el.ELUtil.invokeMethod(ELUtil.java:245)
google 搜索显示此错误与其他应用程序服务器(如 TomEE 等)有关
我做过的事情:
- 升级了与 Java EE(EJB、Omnifaces、JSFUtils)相关的所有 Maven 依赖项
- 禁用 JACC(这不会引发任何错误,但我无法登录,它只是在成功验证后将用户踢回登录页面)
建筑
代码库有:
- AuthenticationMechanism 实现 HttpAuthenticationMechanism
- 身份验证器实现 IdentityStore
- AuthenticatedUser(其中包含用户信息的可序列化 bean)
调用SecurityContext的注入bean时爆炸getCallerPrinciple()
作为 non-Java EE 人员,了解实际发生的事情并指出如何解决这个问题会很有帮助吗?
- 这是 Wildfly 26 的问题吗?
- 这是mis-configuration吗?
- 这是 Elytron 设置的问题吗?
- 是否需要实现一些代码?
虽然我不明白为什么我需要 JACC,但现有单体中没有授权要求。
设置似乎有些混乱。 LoginBacking 不应该直接调用 IdentityStore。相反,支持 bean 应该调用 SecurityContext。 SecurityContext 然后触发身份验证导致 HttpAuthenticationMechanism 被调用,然后,如果需要,调用 IdentityStore.
Soteria 项目包含一个为 JSF/Faces 演示这一点的测试:
https://github.com/eclipse-ee4j/soteria/tree/master/test/app-mem-customform
相关部分是:
@Named
@RequestScoped
public class LoginBacking {
@Inject
private SecurityContext securityContext;
@NotNull
@Size(min = 3, max = 15, message="Username must be between 3 and 15 characters")
private String username;
@NotNull
@Size(min = 5, max = 50, message="Password must be between 5 and 50 characters")
private String password;
public void login() {
FacesContext context = FacesContext.getCurrentInstance();
Credential credential = new UsernamePasswordCredential(username, new Password(password));
AuthenticationStatus status = securityContext.authenticate(
getRequest(context),
getResponse(context),
withParams()
.credential(credential));
在 cli 中尝试:
/subsystem=elytron/policy=jacc:add(jacc-policy={})
我正在尝试将整体式应用程序从 Wildfly 23 升级到 Wildfly 26。
最初,应用程序在 standalone.xml
用于安全的旧配置
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional"/>
</login-module-stack>
<auth-module code="Dummy"/>
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
在 Wildfly 迁移指南的指导下 - Migration Guide
现在在新的 Wildfly 26 配置中这样表示
<application-security-domains>
<application-security-domain name="jaspitest" security-domain="ApplicationDomain" enable-jaspi="false">
</application-security-domain>
</application-security-domains>
完整(已编辑)配置在这里 - https://pastebin.com/kEM5gN3C
Jboss-xml
<jboss-web>
<security-domain>jaspitest</security-domain>
<context-root>/</context-root>
<resource-ref>
<res-ref-name>jsf/ProjectStage</res-ref-name>
<jndi-name>java:/env/jsf/ProjectStage</jndi-name>
</resource-ref>
</jboss-web>
此配置适用于 Web 应用程序上的不安全页面,但尝试使用 JSF 登录页面登录。
它抛出这个致命错误:
10:04:17,518 FATAL [uk.co.xxxxxxx.exception.CustomExceptionHandler] (default task-5) [id=2820080d-1642-45d2-9de7-b1e527262bc7, ip=172.28.0.1, url=/parents/login/, user=null, params={form=form, form:email:input=bruce.taylor@xxxxxxx.co.uk, form:loginWithPassword=********, form:password:input=********, javax.faces.partial.ajax=true, javax.faces.partial.execute=@all, javax.faces.partial.render=login, javax.faces.source=form:loginWithPassword}]: java.lang.IllegalArgumentException: unknown handler key
2022-02-10T10:04:17.520512634Z at javax.security.jacc.api@2.0.0.Final//javax.security.jacc.PolicyContext.getContext(PolicyContext.java:223)
2022-02-10T10:04:17.520519816Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.run(JACC.java:151)
2022-02-10T10:04:17.520523921Z at java.base/java.security.AccessController.doPrivileged(Native Method)
2022-02-10T10:04:17.520527172Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.getFromContext(JACC.java:149)
2022-02-10T10:04:17.520530561Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.JACC.getSubject(JACC.java:49)
2022-02-10T10:04:17.520533842Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.authorization.spi.impl.ReflectionAndJaccCallerDetailsResolver.getCallerPrincipal(ReflectionAndJaccCallerDetailsResolver.java:33)
2022-02-10T10:04:17.520537741Z at org.glassfish.soteria@1.0.1-jbossorg-1//org.glassfish.soteria.SecurityContextImpl.getCallerPrincipal(SecurityContextImpl.java:55)
2022-02-10T10:04:17.520549561Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.authenticate(Authenticator.java:340)
2022-02-10T10:04:17.520553467Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.authenticateWithFacesContext(Authenticator.java:311)
2022-02-10T10:04:17.520557396Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator.loginAndRedirect(Authenticator.java:293)
2022-02-10T10:04:17.520561301Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.security.Authenticator$Proxy$_$$_WeldClientProxy.loginAndRedirect(Unknown Source)
2022-02-10T10:04:17.520565505Z at deployment.xxxxxxx.war//uk.co.xxxxxxx.backing.LoginBacking.loginWithPassword(LoginBacking.java:112)
2022-02-10T10:04:17.520569536Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2022-02-10T10:04:17.520574368Z at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
2022-02-10T10:04:17.520578603Z at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2022-02-10T10:04:17.520582207Z at java.base/java.lang.reflect.Method.invoke(Method.java:566)
2022-02-10T10:04:17.520585425Z at javax.el.api@2.0.0.Final//javax.el.ELUtil.invokeMethod(ELUtil.java:245)
google 搜索显示此错误与其他应用程序服务器(如 TomEE 等)有关
我做过的事情:
- 升级了与 Java EE(EJB、Omnifaces、JSFUtils)相关的所有 Maven 依赖项
- 禁用 JACC(这不会引发任何错误,但我无法登录,它只是在成功验证后将用户踢回登录页面)
建筑
代码库有:
- AuthenticationMechanism 实现 HttpAuthenticationMechanism
- 身份验证器实现 IdentityStore
- AuthenticatedUser(其中包含用户信息的可序列化 bean)
调用SecurityContext的注入bean时爆炸getCallerPrinciple()
作为 non-Java EE 人员,了解实际发生的事情并指出如何解决这个问题会很有帮助吗?
- 这是 Wildfly 26 的问题吗?
- 这是mis-configuration吗?
- 这是 Elytron 设置的问题吗?
- 是否需要实现一些代码?
虽然我不明白为什么我需要 JACC,但现有单体中没有授权要求。
设置似乎有些混乱。 LoginBacking 不应该直接调用 IdentityStore。相反,支持 bean 应该调用 SecurityContext。 SecurityContext 然后触发身份验证导致 HttpAuthenticationMechanism 被调用,然后,如果需要,调用 IdentityStore.
Soteria 项目包含一个为 JSF/Faces 演示这一点的测试:
https://github.com/eclipse-ee4j/soteria/tree/master/test/app-mem-customform
相关部分是:
@Named
@RequestScoped
public class LoginBacking {
@Inject
private SecurityContext securityContext;
@NotNull
@Size(min = 3, max = 15, message="Username must be between 3 and 15 characters")
private String username;
@NotNull
@Size(min = 5, max = 50, message="Password must be between 5 and 50 characters")
private String password;
public void login() {
FacesContext context = FacesContext.getCurrentInstance();
Credential credential = new UsernamePasswordCredential(username, new Password(password));
AuthenticationStatus status = securityContext.authenticate(
getRequest(context),
getResponse(context),
withParams()
.credential(credential));
在 cli 中尝试:
/subsystem=elytron/policy=jacc:add(jacc-policy={})