"Forbidden", cannot authenticate using JAAS (WildFly)
I have done everything as described in all the tutorials.
- Added the MySQL connection jar as a WildFly module (mySql-conn-driver.jar)
module add --name=com.mysql --resources=/path/to/mysql-connector-java-5.1.24-bin.jar --dependencies=javax.api,javax.transaction.api
/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-class-name=com.mysql.jdbc.Driver)
- Added the data source
[standalone@localhost:9990 /] /subsystem=datasources/data-source=niwads:add(
driver-name=mysql,
user-name=db_user,
password=secret,
connection-url=jdbc:mysql://localhost:3306/appdb,
min-pool-size=5,
max-pool-size=15,
jndi-name=java:/jdbc/niwads,
enabled=true,
validate-on-match=true,
valid-connection-checker-class-name=org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker,
exception-sorter-class-name=org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter
)
Created the security domain using the GUI in the browser, not the CLI. The final result looks like this:
<security-domain name="niwasdnew" cache-type="default">
  <authentication>
    <login-module code="Database" flag="required">
      <module-option name="dsJndiName" value="java:/jdbc/niwads" />
      <module-option name="principalsQuery" value="select password as 'Password' from user_account where nickname=?" />
      <module-option name="rolesQuery" value="select r.rolname as 'Role', r.rolname as 'RoleGroup' from user_account u, role r where r.id=u.role_key and u.nickname=?" />
    </login-module>
  </authentication>
</security-domain>
Created jboss-web.xml and added it to WEB-INF:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>niwasdnew</security-domain>
</jboss-web>
My web.xml has FORM authentication, roles and so on:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>pages for masters</web-resource-name>
    <url-pattern>/sections/master/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>pages for gardeners</web-resource-name>
    <url-pattern>/sections/gardener/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>gardener</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.xhtml</form-login-page>
    <form-error-page>/error.xhtml</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>gardener</role-name>
</security-role>
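After doing all of this I start my project on WildFly, I see my welcome page, go to the login page, fill in the required fields and press the login button. It should redirect me to the appropriate place depending on the user's role,
but I only see the "Forbidden" error page!
What am I doing wrong? What am I missing?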
I finally found the answer to my question, on this resource.
It showed me that I had made a mistake in step 3, in the SQL statement I wrote for module-option name="rolesQuery":
select r.rolname as 'Role', r.rolname as 'RoleGroup' from user_account u, role r where r.id=u.role_key and u.nickname=?
From the resource:
Note: Value of RoleGroup column always has to be Roles (with capital 'R'). This is specific to JBoss.
So the proper SQL statement, which does work in my case, is: select r.rolname as 'Role', 'Roles' as 'RoleGroup' from user_account u, role r where r.id=u.role_key and u.nickname=?
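The effect described in the answer, as an added example that is not part of the original post: a simplified model of how the second column of rolesQuery names the group each role lands in, and why a missing 'Roles' group ends in "Forbidden" even though login succeeds. It uses SQLite in place of MySQL; the sample rows and the function names (sample_db, role_groups, is_allowed, lint_roles_query) are assumptions made for illustration.

```python
import sqlite3

# rolesQuery as posted in the question (broken) and as corrected in the answer (fixed).
BROKEN = ("select r.rolname as 'Role', r.rolname as 'RoleGroup' "
          "from user_account u, role r where r.id=u.role_key and u.nickname=?")
FIXED = ("select r.rolname as 'Role', 'Roles' as 'RoleGroup' "
         "from user_account u, role r where r.id=u.role_key and u.nickname=?")


def sample_db():
    """Constructed schema and rows; only table and column names come from the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table role (id integer primary key, rolname text);
        create table user_account (nickname text, password text, role_key integer);
        insert into role values (1, 'admin'), (2, 'gardener');
        insert into user_account values ('alice', 'x', 1), ('bob', 'x', 2);
    """)
    return db


def role_groups(db, roles_query, user):
    """Model of the login module: column 1 is the role, column 2 names its group."""
    groups = {}
    for role, group in db.execute(roles_query, (user,)):
        groups.setdefault(group, set()).add(role)
    return groups


def is_allowed(groups, required_role):
    """Per the quoted note, only the group literally named 'Roles' is used for
    checking the role-name entries of web.xml auth-constraints."""
    return required_role in groups.get("Roles", set())


def lint_roles_query(db, roles_query, user):
    """Return a finding if the query yields rows but no 'Roles' group, else None."""
    groups = role_groups(db, roles_query, user)
    if groups and "Roles" not in groups:
        return "rolesQuery returns group(s) %s but never 'Roles'" % sorted(groups)
    return None


if __name__ == "__main__":
    db = sample_db()
    for label, query in (("broken", BROKEN), ("fixed", FIXED)):
        g = role_groups(db, query, "alice")
        print(label, g, "admin allowed:", is_allowed(g, "admin"),
              "| lint:", lint_roles_query(db, query, "alice"))
```

Running the same lint against a test account before deploying a security domain catches this misconfiguration without having to log in through the form.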