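I am trying to get a JSF application running on JBoss 7.1.2 with a JAAS security module configured. Logging in basically works, but after the user has been successfully authenticated and granted roles, the roles are overwritten again, the user has no permissions, and is redirected to the access-denied page.
Maybe I missed something in the configuration, but I really don't know what could be wrong.
Here is my configuration:
The standalone.xml configuration of the security subsystem: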
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="MpsAdminRealm" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName" value="java:/datasources/iPadDSForAllApps"/>
<module-option name="principalsQuery" value="select password from ADMIN_ACCOUNT where username=?"/>
<module-option name="rolesQuery" value="SELECT ADMIN_PERMISSION.NAME, 'ROLES' FROM ADMIN_PERMISSION INNER JOIN ROLE_PERMISSION ON ADMIN_PERMISSION.ID = ROLE_PERMISSION.ID_PERMISSION INNER JOIN ADMIN_ROLE ON ROLE_PERMISSION.ID_ROLE = ADMIN_ROLE.ID INNER JOIN ACCOUNT_ROLE ON ADMIN_ROLE.ID = ACCOUNT_ROLE.ID_ROLE INNER JOIN ADMIN_ACCOUNT ON ACCOUNT_ROLE.ID_ACCOUNT = ADMIN_ACCOUNT.ID WHERE ADMIN_ACCOUNT.USERNAME = ?"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
</security-domains>
</subsystem>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>mps-admin</display-name>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
<url-pattern>*.jsf</url-pattern>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted Area</web-resource-name>
<url-pattern>/pages/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN_AREA</role-name>
<role-name>USER_AREA</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<!-- Login page -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MpsAdminRealm</realm-name>
<form-login-config>
<form-login-page>/pages/public/login.xhtml</form-login-page>
<form-error-page>/pages/public/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
<!-- System roles -->
<security-role >
<role-name>ADMIN_AREA</role-name>
</security-role>
<security-role>
<description>User Permission for the User Area of the Application</description>
<role-name>USER_AREA</role-name>
</security-role>
<error-page>
<error-code>403</error-code>
<location>/pages/public/access_denied.xhtml</location>
</error-page>
<welcome-file-list>
<welcome-file>/pages/protected/user/startseite.xhtml</welcome-file>
</welcome-file-list>
</web-app>
My jboss-web.xml
<?xml version='1.0' encoding='UTF-8'?>
<jboss-web>
<!-- URL to access the web module -->
<context-root>/mps-admin</context-root>
<!-- Realm that will be used -->
<security-domain>java:/jaas/MpsAdminRealm</security-domain>
<use-jboss-authorization>false</use-jboss-authorization>
</jboss-web>
And finally, the log output when I try to access the protected area:
09:55:56,912 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) initialize
09:55:57,693 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Security domain: MpsAdminRealm
09:55:57,693 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) DatabaseServerLoginModule, dsJndiName=java:/datasources/iPadDSForAllApps
09:55:57,693 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) principalsQuery=select password from ADMIN_ACCOUNT where username=?
09:55:57,693 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) rolesQuery=SELECT ADMIN_PERMISSION.NAME, 'ROLES' FROM ADMIN_PERMISSION INNER JOIN ROLE_PERMISSION ON ADMIN_PERMISSION.ID = ROLE_PERMISSION.ID_PERMISSION INNER JOIN ADMIN_ROLE ON ROLE_PERMISSION.ID_ROLE = ADMIN_ROLE.ID INNER JOIN ACCOUNT_ROLE ON ADMIN_ROLE.ID = ACCOUNT_ROLE.ID_ROLE INNER JOIN ADMIN_ACCOUNT ON ACCOUNT_ROLE.ID_ACCOUNT = ADMIN_ACCOUNT.ID WHERE ADMIN_ACCOUNT.USERNAME = ?
09:55:57,693 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) suspendResume=true
09:55:57,694 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) login
09:55:57,718 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) suspendAnyTransaction
09:55:57,719 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (http-localhost/127.0.0.1:8080-1) iPadDS: getConnection(null, WrappedConnectionRequestInfo@5ead5494[userName=ipadpdf]) [1/5]
09:55:57,720 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Excuting query: select password from ADMIN_ACCOUNT where username=?, with username: harald
09:55:57,772 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Obtained user password
09:55:57,773 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (http-localhost/127.0.0.1:8080-1) iPadDS: returnConnection(48885a6e, false) [1/4]
09:55:57,773 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) resumeAnyTransaction
09:55:57,774 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) User 'harald' authenticated, loginOk=true
09:55:57,774 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) commit, loginOk=true
09:55:57,776 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) getRoleSets using rolesQuery: SELECT ADMIN_PERMISSION.NAME, 'ROLES' FROM ADMIN_PERMISSION INNER JOIN ROLE_PERMISSION ON ADMIN_PERMISSION.ID = ROLE_PERMISSION.ID_PERMISSION INNER JOIN ADMIN_ROLE ON ROLE_PERMISSION.ID_ROLE = ADMIN_ROLE.ID INNER JOIN ACCOUNT_ROLE ON ADMIN_ROLE.ID = ACCOUNT_ROLE.ID_ROLE INNER JOIN ADMIN_ACCOUNT ON ACCOUNT_ROLE.ID_ACCOUNT = ADMIN_ACCOUNT.ID WHERE ADMIN_ACCOUNT.USERNAME = ?, username: harald
09:55:57,779 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) suspendAnyTransaction
09:55:57,780 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (http-localhost/127.0.0.1:8080-1) iPadDS: getConnection(null, WrappedConnectionRequestInfo@5ead5494[userName=ipadpdf]) [1/5]
09:55:57,780 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Excuting query: SELECT ADMIN_PERMISSION.NAME, 'ROLES' FROM ADMIN_PERMISSION INNER JOIN ROLE_PERMISSION ON ADMIN_PERMISSION.ID = ROLE_PERMISSION.ID_PERMISSION INNER JOIN ADMIN_ROLE ON ROLE_PERMISSION.ID_ROLE = ADMIN_ROLE.ID INNER JOIN ACCOUNT_ROLE ON ADMIN_ROLE.ID = ACCOUNT_ROLE.ID_ROLE INNER JOIN ADMIN_ACCOUNT ON ACCOUNT_ROLE.ID_ACCOUNT = ADMIN_ACCOUNT.ID WHERE ADMIN_ACCOUNT.USERNAME = ?, with username: harald
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role ACCOUNT_ADMINISTRATION
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role ADMIN_AREA
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role APA_ADMIN_AREA
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role CREATE_APPLICATION
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role ROLE_ADMINISTRATION
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role SYS_ADMIN_AREA
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role USER_AREA
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role USER_PROFILE
09:55:57,786 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) Assign user to role USER_SETTINGS
09:55:57,787 DEBUG [org.jboss.jca.core.connectionmanager.pool.strategy.OnePool] (http-localhost/127.0.0.1:8080-1) iPadDS: returnConnection(48885a6e, false) [1/4]
09:55:57,787 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost/127.0.0.1:8080-1) resumeAnyTransaction
09:55:57,788 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost/127.0.0.1:8080-1) defaultLogin, lc=javax.security.auth.login.LoginContext@2780a3db, subject=Subject(1003537020).principals=org.jboss.security.SimplePrincipal@1932581337(harald)org.jboss.security.SimpleGroup@1053755336(CallerPrincipal(members:harald))org.jboss.security.SimpleGroup@1053755336(ROLES(members:CREATE_APPLICATION,USER_AREA,APA_ADMIN_AREA,USER_PROFILE,SYS_ADMIN_AREA,USER_SETTINGS,ACCOUNT_ADMINISTRATION,ADMIN_AREA,ROLE_ADMINISTRATION))
09:55:57,789 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost/127.0.0.1:8080-1) End isValid, true
09:55:57,795 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Authenticated 'harald' with type 'LOGIN'
09:55:57,810 FINE [javax.enterprise.resource.webcontainer.jsf.lifecycle] (http-localhost/127.0.0.1:8080-1) Exiting InvokeApplicationsPhase
09:55:57,810 FINE [javax.enterprise.resource.webcontainer.jsf.timing] (http-localhost/127.0.0.1:8080-1) [TIMING] - [2955ms] : Execution time for phase (including any PhaseListeners) -> INVOKE_APPLICATION 5
09:55:57,810 FINE [javax.enterprise.resource.webcontainer.jsf.lifecycle] (http-localhost/127.0.0.1:8080-1) render(org.primefaces.context.PrimeFacesContext@4fcb2eda)
09:55:57,810 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost/127.0.0.1:8080-1) Setting threadlocal:null
09:55:57,814 DEBUG [org.apache.tomcat.util.http.Cookies] (http-localhost/127.0.0.1:8080-1) Cookies: Parsing b[]: JSESSIONID=JQw37EFGDsqHhV9CezWXrrZH; jm_earth_tpl=jm_earth
09:55:57,815 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Security checking request GET /mps-admin/pages/protected/user/startseite.xhtml
09:55:57,815 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) We have cached auth type LOGIN for principal GenericPrincipal[harald()]
09:56:15,192 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1402559775192 sessioncount 0
09:56:15,192 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
09:56:25,193 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Start expire sessions StandardManager at 1402559785193 sessioncount 1
09:56:25,193 DEBUG [org.apache.catalina.session.ManagerBase] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) End expire sessions StandardManager processingTime 0 expired sessions: 0
09:56:29,207 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Restricted Area]' against GET /pages/protected/user/startseite.xhtml --> true
09:56:29,208 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[Restricted Area]' against GET /pages/protected/user/startseite.xhtml --> true
09:56:29,208 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Calling hasUserDataPermission()
09:56:29,208 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) User data constraint has no restrictions
09:56:29,208 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Calling authenticate()
09:56:29,209 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] (http-localhost/127.0.0.1:8080-1) Already authenticated 'harald'
09:56:29,209 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Calling accessControl()
09:56:29,209 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) Checking roles GenericPrincipal[harald()]
09:56:29,210 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) Username harald does NOT have role ADMIN_AREA
09:56:29,210 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) No role found: ADMIN_AREA
09:56:29,210 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) Username harald does NOT have role USER_AREA
09:56:29,211 DEBUG [org.apache.catalina.realm.RealmBase] (http-localhost/127.0.0.1:8080-1) No role found: USER_AREA
09:56:29,211 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] (http-localhost/127.0.0.1:8080-1) Failed accessControl() test
09:56:29,211 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost/127.0.0.1:8080-1) Setting threadlocal:null
09:56:29,212 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host]] (http-localhost/127.0.0.1:8080-1) Processing ErrorPage[errorCode=403, location=/pages/public/access_denied.xhtml]
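As you can see, authentication works, but afterwards the roles are overwritten (Setting threadlocal:null).
Does anyone know what is going wrong?
Best answer
I found the problem;
it was a configuration error.
The rolesQuery in standalone.xml was wrong. I had "Roles" in upper case.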
<module-option name="rolesQuery" value="SELECT ADMIN_PERMISSION.NAME, 'Roles' FROM ADMIN_PERMISSION INNER JOIN ROLE_PERMISSION ON ADMIN_PERMISSION.ID = ROLE_PERMISSION.ID_PERMISSION INNER JOIN ADMIN_ROLE ON ROLE_PERMISSION.ID_ROLE = ADMIN_ROLE.ID INNER JOIN ACCOUNT_ROLE ON ADMIN_ROLE.ID = ACCOUNT_ROLE.ID_ROLE INNER JOIN ADMIN_ACCOUNT ON ACCOUNT_ROLE.ID_ACCOUNT = ADMIN_ACCOUNT.ID WHERE ADMIN_ACCOUNT.USERNAME = ?"/>
Regarding "java - JBoss 7 JAAS module, roles are overwritten after successful login", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/24179579/
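An added example, not part of the original question or answer and not JBoss code: a small Python check that reads a standalone.xml security subsystem and flags any rolesQuery whose literal group column is not spelled exactly `Roles`, the case-sensitive mismatch behind the 403 in the log above. The shortened queries, the `FixedRealm` domain and the helper name `check_roles_queries` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Group names the JBoss security layer gives meaning to (case-sensitive).
KNOWN_GROUPS = {"Roles", "CallerPrincipal"}

# Captures the second SELECT item when it is a quoted string literal.
SECOND_COLUMN = re.compile(r"select\s+[^,]+,\s*'([^']*)'", re.IGNORECASE)

# Constructed sample: queries shortened; "FixedRealm" is a hypothetical domain.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:security:1.2">
  <security-domains>
    <security-domain name="MpsAdminRealm" cache-type="default">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="rolesQuery" value="SELECT NAME, 'ROLES' FROM ADMIN_PERMISSION WHERE USERNAME = ?"/>
        </login-module>
      </authentication>
    </security-domain>
    <security-domain name="FixedRealm" cache-type="default">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
          <module-option name="rolesQuery" value="SELECT NAME, 'Roles' FROM ADMIN_PERMISSION WHERE USERNAME = ?"/>
        </login-module>
      </authentication>
    </security-domain>
  </security-domains>
</subsystem>"""

def local(tag):
    """Strip the XML namespace so the check works for any subsystem version."""
    return tag.rsplit("}", 1)[-1]

def check_roles_queries(xml_text):
    """Return (security_domain, group_literal, ok) for every rolesQuery found."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for opt in domain.iter():
            if local(opt.tag) != "module-option" or opt.get("name") != "rolesQuery":
                continue
            m = SECOND_COLUMN.search(opt.get("value", ""))
            group = m.group(1) if m else None
            # ok is None when the group comes from a table column: check the data instead.
            ok = (group in KNOWN_GROUPS) if m else None
            findings.append((domain.get("name"), group, ok))
    return findings

if __name__ == "__main__":
    for name, group, ok in check_roles_queries(SAMPLE):
        print(f"{name}: group={group!r} ok={ok}")
```

A result of `ok=False` means authentication will succeed while every `role-name` check in web.xml fails, which is the pattern shown in the RealmBase log lines.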