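When a custom login module is activated for EJB remote authentication, the ApplicationRealm is additionally called for authentication. Unfortunately, I don't know why. WildFly setup with EJB remote access and custom login module / ApplicationRealm is additionally called
In the current implementation, the user logs in through the custom login module and logs in to the EJB. This only succeeds if a user with the same username and the same password is registered in application-users.properties. If the user is changed, the login no longer works. At this point it is unclear to me whether authentication runs exclusively through application-users.properties (ApplicationRealm) or through a combination of application-users.properties and the custom login module. Why does it use application-users.properties for authentication?
The goal is to authenticate EJB remote access entirely through the custom login module.
The setup is as follows:
EJB remote client properties: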
props.put("java.naming.factory.initial", "org.jboss.naming.remote.client.InitialContextFactory");
props.put("java.naming.factory.url.pkgs", "org.jboss.ejb.client.naming");
props.put("jboss.naming.client.ejb.context", false);
props.put("org.jboss.ejb.client.scoped.context", true);
props.put("endpoint.name", "client-endpoint");
props.put("remote.connections", "default");
props.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", false);
props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", false);
props.put("remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
props.put("java.naming.provider.url", "http-remoting://127.0.0.1:8080");
props.put("remote.connection.default.host", "127.0.0.1");
props.put("remote.connection.default.port", "8080");
props.put("remote.connection.default.username", "username");
props.put("remote.connection.default.password", "password");
EJB URL:
ejb:/my-app/MyServiceImpl!com.some.MyServiceInterface
The standalone.xml configuration, based on the normal standalone.xml (incomplete):
Security realm
<security-realm name="MyRealm">
    <authentication>
        <jaas name="com.some.MyCustomLoginModule"/>
    </authentication>
</security-realm>
Security domain
<security-domain name="MySecurityDomain" cache-type="default">
    <authentication>
        <login-module code="com.some.MyCustomLoginModule" flag="required" module="login.my">
            <module-option name="usersProperties" value="user.properties"/>
            <module-option name="rolesProperties" value="roles.properties"/>
        </login-module>
    </authentication>
</security-domain>
Remoting subsystem
<subsystem xmlns="urn:jboss:domain:remoting:3.0">
    <endpoint/>
    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="MyRealm"/>
</subsystem>
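Implementation:
Service implementation
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;

@Stateless
@SecurityDomain("MySecurityDomain")
@DeclareRoles("user")
public class MyServiceImpl implements MyService {
    private static final Logger logger = Logger.getLogger(MyServiceImpl.class);

    @Resource
    private EJBContext ejbContext;

    // Returns the name of the principal the container associated with this call.
    @PermitAll
    public String getPrincipalName() {
        logger.info("Principal: " + ejbContext.getCallerPrincipal().getName());
        return ejbContext.getCallerPrincipal().getName();
    }
}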
Service interface
import javax.ejb.Remote;

@Remote
public interface MyService {
    public String getPrincipalName();
}
Custom login module
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.jboss.security.auth.spi.UsersRolesLoginModule;

public class CustomLoginModule extends UsersRolesLoginModule {
    private CustomPrincipal principal;
    private static final Logger logger = Logger.getLogger(CustomLoginModule.class);

    @Override
    public void initialize(Subject arg0, CallbackHandler arg1, Map<String, ?> arg2, Map<String, ?> arg3) {
        logger.info("init module from main class");
        super.initialize(arg0, arg1, arg2, arg3);
    }

    @Override
    public boolean login() throws LoginException {
        logger.info("Calling login()");
        logger.info("User before: " + getUsername());
        // Delegate the username/password check to UsersRolesLoginModule.
        boolean login = super.login();
        logger.info("User: " + getUsername());
        // Debug output: this writes the stored password to the server log.
        logger.info("Password: " + getUsersPassword());
        if (login) {
            principal = new CustomPrincipal(getUsername(), "An user description!");
        }
        return login;
    }

    @Override
    protected Principal getIdentity() {
        // Expose the custom principal once login has succeeded.
        return principal != null ? principal : super.getIdentity();
    }
}
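Unfortunately, this solution does not suit us. But I read the JBoss documentation on your solution "local default-user="$local" allowed-users="*"" and found the real misconfiguration. See the other answer. Thanks! https://docs.jboss.org/author/display/WFLY8/Security+Realms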
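
A cross-reference check for the realm and domain wiring shown in the question, as an added example that is not part of the original post or of WildFly itself. It relies on the fact that a security realm's <jaas name="..."/> attribute names a security domain, not a login module class. The function names and the <server> wrapper around the question's fragments are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's three fragments wrapped in a hypothetical root.
SAMPLE = """<server>
  <security-realm name="MyRealm">
    <authentication><jaas name="com.some.MyCustomLoginModule"/></authentication>
  </security-realm>
  <security-domain name="MySecurityDomain" cache-type="default">
    <authentication>
      <login-module code="com.some.MyCustomLoginModule" flag="required" module="login.my"/>
    </authentication>
  </security-domain>
  <subsystem xmlns="urn:jboss:domain:remoting:3.0">
    <endpoint/>
    <http-connector name="http-remoting-connector" connector-ref="default" security-realm="MyRealm"/>
  </subsystem>
</server>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element tags."""
    return tag.rsplit("}", 1)[-1]


def check_realm_wiring(xml_text):
    """Return findings about realm -> domain and connector -> realm references."""
    elems = list(ET.fromstring(xml_text).iter())
    domains = {e.get("name") for e in elems if local(e.tag) == "security-domain"}
    realms = {e.get("name"): e for e in elems if local(e.tag) == "security-realm"}
    findings = []
    for name, realm in realms.items():
        for e in realm.iter():
            # The jaas name must resolve to a configured security domain.
            if local(e.tag) == "jaas" and e.get("name") not in domains:
                findings.append(f"realm '{name}': jaas name '{e.get('name')}' "
                                "is not a defined security-domain")
    for e in elems:
        if local(e.tag) != "http-connector":
            continue
        ref = e.get("security-realm")
        if ref not in realms:
            findings.append(f"connector '{e.get('name')}': realm '{ref}' is not defined")
        elif not any(local(c.tag) == "jaas" for c in realms[ref].iter()):
            findings.append(f"connector '{e.get('name')}': realm '{ref}' "
                            "does not delegate to JAAS")
    return findings


if __name__ == "__main__":
    print("\n".join(check_realm_wiring(SAMPLE)) or "wiring consistent")
```

On the fragments as posted, the check reports that the realm's jaas name does not match any security domain; pointing it at MySecurityDomain clears the finding.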