WildFly 8.2.1: Database login module causes "Forbidden" error
I am migrating an application to WildFly, and since then it is impossible to log in to the admin section. I use the Database login module, and after setting the log level to TRACE I can see the queries executing successfully; I see several isValid=true lines in the log.
The second column of the roles query returns Roles (no need to dig into the server configuration to check that) :)
If I enter an invalid user or password in the login form, I can see an exception in the log saying there is no such user (correct). My reasoning is that this can be taken as proof that the principals and roles queries are correct.
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin panel</web-resource-name>
<description>Admin panel</description>
<url-pattern>/admin/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>aaa</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>aaa</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/loginerror.jsp</form-error-page>
<!--
<form-login-page>/admin/login.jsp</form-login-page>
<form-error-page>/admin/loginerror.jsp</form-error-page>
-->
</form-login-config>
</login-config>
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/rmwebsite</security-domain>
<context-root>/</context-root>
</jboss-web>
standalone.xml
<security-domain name="rmwebsite" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/RW_DB"/>
<module-option name="principalsQuery" value="select password from principal where username = ? and activity = 1"/>
<module-option name="rolesQuery" value="select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
</authentication>
</security-domain>
Here is what appears in the log during a login attempt
14:42:42,203 TRACE [org.jboss.security] (default task-11) PBOX000354: Setting security roles ThreadLocal: null
14:42:42,206 TRACE [org.jboss.security] (default task-12) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: null
14:42:50,508 TRACE [org.jboss.security] (default task-13) PBOX000209: defaultLogin, principal: org.w[email protected]eee44800
14:42:50,510 TRACE [org.jboss.security] (default task-13) PBOX000221: Begin getAppConfigurationEntry(rmwebsite), size: 4
14:42:50,513 TRACE [org.jboss.security] (default task-13) PBOX000224: End getAppConfigurationEntry(rmwebsite), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=select password from principal where username = ? and activity = 1
name=unauthenticatedIdentity, value=guest
name=dsJndiName, value=java:/RW_DB
name=rolesQuery, value=select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?
14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000236: Begin initialize method
14:42:50,516 TRACE [org.jboss.security] (default task-13) PBOX000237: Saw unauthenticated indentity: guest
14:42:50,517 TRACE [org.jboss.security] (default task-13) PBOX000262: Module options [dsJndiName: java:/RW_DB, principalsQuery: select password from principal where username = ? and activity = 1, rolesQuery: select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=?, suspendResume: true]
14:42:50,519 TRACE [org.jboss.security] (default task-13) PBOX000240: Begin login method
14:42:50,553 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select password from principal where username = ? and activity = 1 with username myuser
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000241: End login method, isValid: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000242: Begin commit method, overall result: true
14:42:50,561 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,563 TRACE [org.jboss.security] (default task-13) PBOX000263: Executing query select role as Role,'Roles' as RoleGroup from Roles join principal on roles.role_id=principal.principal_type where roles.role in ('aaa', 'bbb', 'ccc', 'ddd') and principal.username=? with username myuser
14:42:50,575 TRACE [org.jboss.security] (default task-13) PBOX000210: defaultLogin, login context: [email protected], subject: Subject(1719716068)[email protected](myuser)[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser))
14:42:50,576 TRACE [org.jboss.security] (default task-13) PBOX000207: updateCache, input subject: Subject(1719716068)[email protected](myuser)org.jboss.security.S[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser)), cached subject: Subject(1754901421)[email protected](myuser)[email protected](Roles(members:ddd))[email protected](CallerPrincipal(members:myuser))
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000208: Inserted cache info: org.jboss.secu[email protected]40d62081
14:42:50,577 TRACE [org.jboss.security] (default task-13) PBOX000201: End isValid, result = true
14:42:50,589 TRACE [org.jboss.security] (default task-13) PBOX000354: Setting security roles ThreadLocal: null
14:42:50,591 TRACE [org.jboss.security] (default task-14) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: org.jboss.secu[email protected]40d62081
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000204: Begin validateCache, domainInfo: org.jboss.secu[email protected]40d62081, credential class: class [C
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000205: End validateCache, result = true
14:42:50,592 TRACE [org.jboss.security] (default task-14) PBOX000201: End isValid, result = true
14:42:50,595 TRACE [org.jboss.security] (default task-14) PBOX000354: Setting security roles ThreadLocal: null
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000200: Begin isValid, principal: org.w[email protected]eee44800, cache entry: org.jboss.secu[email protected]40d62081
14:51:39,168 TRACE [org.jboss.security] (default task-15) PBOX000204: Begin validateCache, domainInfo: org.jboss.secu[email protected]40d62081, credential class: class [C
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000205: End validateCache, result = true
14:51:39,169 TRACE [org.jboss.security] (default task-15) PBOX000201: End isValid, result = true
14:51:39,172 TRACE [org.jboss.security] (default task-15) PBOX000354: Setting security roles ThreadLocal: null
Do you get the 403 from WildFly? – Franck
Yes, I get a 403 error. – valentinvas
It looks like 'myuser' is only a member of the 'ddd' role, but you strictly authorize 'aaa' – Franck
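A small checker, added here as an illustration (it is not part of the question or of WildFly), that reproduces the container's authorization decision from the two artifacts in the post: the roles the TRACE log shows the login module committed (Roles(members:ddd)) and the auth-constraint in web.xml. The web.xml excerpt and the TRACE line below are constructed to mirror the question's; the parser assumes an un-namespaced web.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed web.xml excerpt shaped like the one in the question (not the poster's file).
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin panel</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>aaa</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Constructed TRACE line shaped like the PBOX000210 entry in the question's log.
TRACE_LINE = ("14:42:50,575 TRACE [org.jboss.security] (default task-13) PBOX000210: "
              "defaultLogin, subject: ...(myuser)...(Roles(members:ddd))"
              "...(CallerPrincipal(members:myuser))")

def roles_from_trace(line):
    """Return the role names the login module committed into the Subject's 'Roles' group."""
    m = re.search(r"Roles\(members:([^)]*)\)", line)
    return {r.strip() for r in m.group(1).split(",") if r.strip()} if m else set()

def constraints(web_xml):
    """Yield (url_patterns, http_methods, required_roles) per security-constraint.
    required_roles is None when there is no auth-constraint (resource is unprotected)."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        patterns = [e.text for e in sc.iter("url-pattern")]
        methods = [e.text for e in sc.iter("http-method")]
        ac = sc.find("auth-constraint")
        yield patterns, methods, None if ac is None else [e.text for e in ac.iter("role-name")]

def pattern_matches(pattern, path):
    """Servlet-style matching: exact match, or '/prefix/*' path-prefix match."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return pattern == path

def is_allowed(path, method, subject_roles, web_xml=WEB_XML):
    """Container decision: a matching constraint whose roles the subject lacks -> 403.
    Empty <auth-constraint/> denies everyone, '*' admits any authenticated caller, and a
    constraint that lists http-methods covers only those methods (others stay uncovered)."""
    for patterns, methods, required in constraints(web_xml):
        if not any(pattern_matches(p, path) for p in patterns):
            continue
        if methods and method not in methods:
            continue
        if required is None or "*" in required:
            continue
        if not set(required) & set(subject_roles):
            return False
    return True
```

With the roles taken from the log and the constraint from the question, is_allowed("/admin/index.jsp", "GET", {"ddd"}) is False, which is the 403 Franck points at. It also shows that any method not listed under http-method (OPTIONS here) is left uncovered, so keep the method list complete or add Servlet 3.1's deny-uncovered-http-methods element.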