2015-11-05 88 views
0

I am migrating an application to WildFly, and as a result I can no longer log in to the admin section. I use the Database login module, and after setting the log level to TRACE I can see the queries executing successfully - I see some isValid=true lines in the log. WildFly 8.2.1: database login module results in a "Forbidden" error.

The second column of the roles query returns Roles (no need to dig into the server configuration to check) :)

If I enter an invalid user or password in the login form, I can see an exception in the log saying there is no such user (correct). My reasoning is that this can be taken as proof that the principals and roles queries are correct.

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin panel</web-resource-name>
        <description>Admin panel</description>
        <url-pattern>/admin/*</url-pattern>
        <http-method>HEAD</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>aaa</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-role>
    <role-name>aaa</role-name>
</security-role>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        <!--
        <form-login-page>/admin/login.jsp</form-login-page>
        <form-error-page>/admin/loginerror.jsp</form-error-page>
        -->
    </form-login-config>
</login-config>

jboss-web.xml

<jboss-web> 
    <security-domain>java:/jaas/rmwebsite</security-domain> 
    <context-root>/</context-root> 
</jboss-web> 

standalone.xml

<security-domain name="rmwebsite" cache-type="default">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/RW_DB"/>
            <module-option name="principalsQuery" value="select password from principal where username = ? and activity = 1"/>
            <module-option name="rolesQuery" value="select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?"/>
            <module-option name="unauthenticatedIdentity" value="guest"/>
        </login-module>
    </authentication>
</security-domain>

Here is what appears in the log on a login attempt

14:42:42,203 TRACE [org.jboss.security] (default task-11) PBOX000354: Setting security roles ThreadLocal: null 
14:42:42,206 TRACE [org.jboss.security] (default task-12) PBOX000354: Setting security roles ThreadLocal: null 
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: null 
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000209: defaultLogin, principal: org.w[email protected]eee44800 
14:42:50,510 TRACE [org.jboss.security] (default task-13) PBOX000221: Begin getAppConfigurationEntry(rmwebsite), size: 4 
14:42:50,513 TRACE [org.jboss.security] (default task-13) PBOX000224: End getAppConfigurationEntry(rmwebsite), AuthInfo: AppConfigurationEntry[]: 
[0] 
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule 
ControlFlag: LoginModuleControlFlag: required 
Options: 
name=principalsQuery, value=select password from principal where username = ? and activity = 1 
name=unauthenticatedIdentity, value=guest 
name=dsJndiName, value=java:/RW_DB 
name=rolesQuery, value=select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? 

14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000236: Begin initialize method 
14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000237: Saw unauthenticated indentity: guest 
14:42:50,517 TRACE [org.jboss.security] (default task-13) PBOX000262: Module options [dsJndiName: java:/RW_DB, principalsQuery: select password from principal where username = ? and activity = 1, rolesQuery: select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?, suspendResume: true] 
14:42:50,519 TRACE [org.jboss.security] (default task-13) PBOX000240: Begin login method 
14:42:50,553 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select password from principal where username = ? and activity = 1 with username myuser 
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000241: End login method, isValid: true 
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000242: Begin commit method, overall result: true 
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser 
14:42:50,563 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser 
14:42:50,575 TRACE [org.jboss.security] (default task-13) PBOX000210: defaultLogin, login context: [email protected], subject: Subject(1719716068)[email protected](myuser)[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser)) 
14:42:50,576 TRACE [org.jboss.security] (default task-13) PBOX000207: updateCache, input subject: Subject(1719716068)[email protected](myuser)org.jboss.security.S[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser)), cached subject: Subject(1754901421)[email protected](myuser)[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser)) 
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000208: Inserted cache info: org.jboss.secu[email protected]40d62081 
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000201: End isValid, result = true 
14:42:50,589 TRACE [org.jboss.security] (default task-13) PBOX000354: Setting security roles ThreadLocal: null 
14:42:50,591 TRACE [org.jboss.security] (default task-14) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: org.jboss.secu[email protected]40d62081 
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000204: Begin validateCache, domainInfo: org.jboss.secu[email protected]40d62081, credential class: class [C 
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000205: End validateCache, result = true 
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000201: End isValid, result = true 
14:42:50,595 TRACE [org.jboss.security] (default task-14) PBOX000354: Setting security roles ThreadLocal: null 
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: org.jboss.secu[email protected]40d62081 
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000204: Begin validateCache, domainInfo: org.jboss.secu[email protected]40d62081, credential class: class [C 
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000205: End validateCache, result = true 
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000201: End isValid, result = true 
14:51:39,172 TRACE [org.jboss.security] (default task-15) PBOX000354: Setting security roles ThreadLocal: null 
+0

Do you get a 403 from WildFly? – Franck

+0

Yes, I get a 403 error. – valentinvas

+0

It seems 'myuser' is only a member of the 'ddd' role, but you strictly authorize 'aaa' – Franck

Answer

0

Originally web.xml defined the security role 'admin', which is not one of aaa, bbb, ccc, ddd. The result was still 'Forbidden' - a 403 error. The auth constraint referenced *. I changed it to reference 'aaa' for testing.

The problem seems to be solved after I did the following:
* put * back in the auth constraint
* defined security roles for 'aaa', 'bbb', 'ccc' and 'ddd'.

Thanks to Franck for the answer.
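Added example (not code from the question or the answer): a small Python model of the container's authorization decision over the web.xml constraint above, showing why a caller holding only ddd gets 403 against an auth-constraint naming aaa and passes once * plus the four security-role declarations are in place. It ignores http-method matching and assumes the roles returned by rolesQuery are the caller's roles.

```python
# Added example (not from the original post): a model of the Servlet container's
# authorization decision for a web.xml like the one above, using the roles that
# the DatabaseServerLoginModule's rolesQuery returned (log: Roles(members:ddd)).
# Servlet-spec rules modelled: the caller needs one role-name of a matching
# auth-constraint; "*" means every declared <security-role>; matching constraints
# combine as a union; no auth-constraint allows all, an empty one denies all.
import xml.etree.ElementTree as ET

def _matches(pattern: str, path: str) -> bool:
    """Servlet path mapping: '/admin/*' is a prefix pattern, anything else exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return path == pattern

def is_allowed(web_xml: str, path: str, caller_roles: set) -> bool:
    """True if the caller may reach path; False is what the container turns into 403."""
    root = ET.fromstring(web_xml)
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    permitted, allow_all, deny_all, matched = set(), False, False, False
    for sc in root.findall("security-constraint"):
        if not any(_matches(p.text.strip(), path)
                   for p in sc.findall("web-resource-collection/url-pattern")):
            continue
        matched = True
        auth = sc.find("auth-constraint")
        if auth is None:
            allow_all = True  # constraint without auth-constraint: open to all
            continue
        roles = {r.text.strip() for r in auth.findall("role-name")}
        deny_all |= not roles  # <auth-constraint/> with no roles precludes access
        permitted |= declared if "*" in roles else roles
    if deny_all:
        return False
    return not matched or allow_all or bool(caller_roles & permitted)

# Constructed inputs: the asker's constraint (only "aaa" passes) and the fix from
# the answer ("*" plus security-role declarations for aaa, bbb, ccc and ddd).
ORIGINAL = """<web-app>
<security-constraint>
  <web-resource-collection><url-pattern>/admin/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>aaa</role-name></auth-constraint>
</security-constraint>
<security-role><role-name>aaa</role-name></security-role>
</web-app>"""
FIXED = ORIGINAL.replace("<role-name>aaa</role-name></auth-constraint>",
                         "<role-name>*</role-name></auth-constraint>").replace(
    "<security-role><role-name>aaa</role-name></security-role>",
    "".join(f"<security-role><role-name>{r}</role-name></security-role>"
            for r in ("aaa", "bbb", "ccc", "ddd")))
MYUSER_ROLES = {"ddd"}  # what the rolesQuery returned for myuser in the log
```

Calling `is_allowed(ORIGINAL, "/admin/index.jsp", MYUSER_ROLES)` reproduces the 403 from the question, and the same call with `FIXED` reproduces the answer's result.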

+0

Still happening for me... Could you explain in more detail how you solved the problem? My web.xml has the following definition: /resources/drivefix/api/students/* GET PUT HEAD POST DELETE. It runs perfectly on Glassfish but doesn't seem to work with JBoss – Vova