2016-01-08 80 views

WebSphere Liberty JSR-250 implementation (RolesAllowed)

To use the JSR-250 security annotations (RolesAllowed, PermitAll, DenyAll):

  • In Jersey, you register the RolesAllowedDynamicFeature class.
  • In RESTEasy, you can use the web.xml configuration:

    <context-param> 
        <param-name>resteasy.role.based.security</param-name> 
        <param-value>true</param-value> 
    </context-param> 
    

Both of these rely on the SecurityContext.isUserInRole() implementation, but that does not seem to exist in WebSphere Liberty Profile.

How do we use it in WebSphere Liberty Profile (WLP)?

I used a small example:

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;

@Path("/rest")
public class HelloWorld {
    @GET
    @RolesAllowed("ANYTHING")   // JSR-250: only callers in role ANYTHING may invoke this
    public Response hello() {
        return Response.ok("Hello World").build();
    }
}
  • In a filter, set your SecurityContextImpl, overriding isUserInRole() to always return true;

    1. create resource classes/methods with @RolesAllowed;
    2. enable "role-based security" for the JAX-RS implementation (Jersey, RESTEasy, etc.; for WLP I had to add the appSecurity-2.0 feature);
    3. you should have a working example.

But even though isUserInRole returns true, WebSphere Liberty Profile still returns 403 Forbidden.

Does anyone know how to use the @RolesAllowed annotation correctly in Liberty, and what I might be missing?

Code

    import java.io.IOException;
    import java.security.Principal;

    import javax.annotation.Priority;
    import javax.annotation.security.RolesAllowed;
    import javax.ws.rs.ApplicationPath;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Priorities;
    import javax.ws.rs.container.ContainerRequestContext;
    import javax.ws.rs.container.ContainerRequestFilter;
    import javax.ws.rs.core.Application;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.SecurityContext;
    import javax.ws.rs.ext.Provider;

    // MyApplication.java: empty Application subclass, resources and providers found by scanning
    @ApplicationPath("/")
    public class MyApplication extends Application {
        public MyApplication() {}
    }

    // AuthFilter.java: runs in the AUTHENTICATION phase and replaces the request's SecurityContext
    @Provider
    @Priority(Priorities.AUTHENTICATION)
    public class AuthFilter implements ContainerRequestFilter {
        @Override
        public void filter(ContainerRequestContext ctx) throws IOException {
            System.out.println("Setting SecurityContext..");
            ctx.setSecurityContext(new MySecurityContext("someuser", "anyrole"));
        }
    }

    // MySecurityContext.java: a SecurityContext that reports every role check as true
    public class MySecurityContext implements SecurityContext {

        private String user;
        private String role;

        public static class MyPrincipal implements Principal {
            private String name;

            public MyPrincipal(String name) { this.name = name; }
            @Override public String getName() { return name; }
        }

        public MySecurityContext(String user, String role) {
            this.user = user;
            this.role = role;
        }

        @Override public String getAuthenticationScheme() { return "BASIC"; }
        @Override public Principal getUserPrincipal() { return new MyPrincipal(user); }
        @Override public boolean isSecure() { return true; }

        @Override
        public boolean isUserInRole(String role) {
            return true;   // deliberately permissive: the point of the test is to see whether this is consulted
        }
    }

    // HelloWorld.java: the protected resource
    @Path("/test")
    public class HelloWorld {
        @GET
        @RolesAllowed("doesntmatter")
        public Response hello() {
            return Response.ok("Hello World").build();
        }
    }
    

pom.xml (dependencies only)

    <dependencies> 
        <dependency> 
         <groupId>javax.ws.rs</groupId> 
         <artifactId>javax.ws.rs-api</artifactId> 
         <version>2.0.1</version> 
         <scope>provided</scope> 
        </dependency> 
        <dependency> 
         <groupId>javax.annotation</groupId> 
         <artifactId>javax.annotation-api</artifactId> 
         <version>1.2</version> 
         <scope>provided</scope> 
        </dependency> 
    </dependencies> 
    

server.xml

The code as shown has the appSecurity feature disabled; I could not get it to work with the feature enabled.

    <server description="test"> 
        <featureManager> 
         <feature>jaxrs-2.0</feature> 
         <feature>localConnector-1.0</feature> 
         <!-- <feature>appSecurity-2.0</feature> --> 
        </featureManager> 
    
        <webApplication id="RoleTest" location="RoleTest.war" name="RoleTest"/> 
        <httpEndpoint httpPort="9081" httpsPort="9444" id="defaultHttpEndpoint"/> 
    
        <!-- below lines are required when appSecurity feature is loaded --> 
        <!-- 
        <keyStore id="defaultKeyStore" password="{xor}Lz4sLCgwLTtu"/> 
        <basicRegistry id="basic" realm="BasicRegistry"> 
         <user name="username" password="password" /> 
        </basicRegistry> 
        --> 
    </server> 
    
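The mechanism the question describes for Jersey and RESTEasy (a dynamic feature that reads the JSR-250 annotations and consults SecurityContext.isUserInRole()) can be written portably against the JAX-RS 2.0 API alone. The following is an added example; it is not code from the question, from Liberty, or from any JAX-RS implementation, and the class name Jsr250DynamicFeature and the realm string are my own. It goes a little beyond the question's snippet: it also honours @DenyAll and @PermitAll, applies the JSR-250 rule that a method-level annotation overrides the class-level one, and distinguishes an unauthenticated caller (401) from an authenticated caller without the role (403). It only works with whatever SecurityContext an earlier filter such as the question's AuthFilter installed; when the container enforces the annotation itself (Liberty with appSecurity-2.0), the container's decision is what produces the 403, not this filter.

```java
import java.io.IOException;
import java.lang.reflect.AnnotatedElement;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

/**
 * Portable JSR-250 enforcement for JAX-RS 2.0 (example added to this page; not from
 * the question, Liberty, Jersey or RESTEasy). At deployment time every resource method
 * is inspected and, if annotated, gets a request filter bound to it. The filter asks
 * SecurityContext.isUserInRole(), so it sees whatever an AUTHENTICATION-priority
 * filter installed earlier in the chain.
 */
@Provider
public class Jsr250DynamicFeature implements DynamicFeature {

    @Override
    public void configure(ResourceInfo resourceInfo, FeatureContext context) {
        // JSR-250 precedence: a method-level annotation overrides the class-level one.
        ContainerRequestFilter filter = filterFor(resourceInfo.getResourceMethod());
        if (filter == null) {
            filter = filterFor(resourceInfo.getResourceClass());
        }
        if (filter != null) {
            // AUTHORIZATION (2000) runs after AUTHENTICATION (1000) filters.
            context.register(filter, Priorities.AUTHORIZATION);
        }
    }

    /** Filter implied by the element's annotations, or null when it carries none. */
    static ContainerRequestFilter filterFor(AnnotatedElement element) {
        if (element.isAnnotationPresent(DenyAll.class)) {
            return new RoleFilter(Collections.<String>emptySet(), true);
        }
        RolesAllowed ra = element.getAnnotation(RolesAllowed.class);
        if (ra != null) {
            return new RoleFilter(new HashSet<>(Arrays.asList(ra.value())), false);
        }
        if (element.isAnnotationPresent(PermitAll.class)) {
            return new RoleFilter(Collections.<String>emptySet(), false); // no role needed
        }
        return null;
    }

    static final class RoleFilter implements ContainerRequestFilter {
        private final Set<String> roles;
        private final boolean denyAll;

        RoleFilter(Set<String> roles, boolean denyAll) {
            this.roles = roles;
            this.denyAll = denyAll;
        }

        @Override
        public void filter(ContainerRequestContext ctx) throws IOException {
            if (denyAll) {
                ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
                return;
            }
            if (roles.isEmpty()) {
                return; // @PermitAll
            }
            SecurityContext sc = ctx.getSecurityContext();
            for (String role : roles) {
                if (sc != null && sc.isUserInRole(role)) {
                    return; // caller holds one of the allowed roles
                }
            }
            if (sc == null || sc.getUserPrincipal() == null) {
                // Nobody authenticated: challenge instead of silently forbidding.
                ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                        .header("WWW-Authenticate", "Basic realm=\"example\"").build()); // realm name assumed
            } else {
                ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            }
        }
    }
}
```

Because the class is a @Provider it is picked up the same way as the question's AuthFilter (scanning, or explicitly in Application.getClasses()). Keeping the authorization decision in a separate, later-priority filter rather than inside the authentication filter is what lets the same authentication filter serve resources with different role requirements.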
  • It would be helpful if you provided the server.xml for the Liberty server. – Alasdair

    1. Do you know how authorization is done? You mentioned what components RESTEasy and Jersey use, but nothing about WS. 2. Have you marked your authentication filter with an early priority, e.g. '@Priority(Priorities.AUTHENTICATED)'? 3. Have you set a Principal in the SecurityContext (http://stackoverflow.com/a/34497750/2587435)? –

    @peeskillet 1. Maybe I hit the wrong documentation, but the only thing I found was enabling the "appSecurity-2.0" feature. 2. See the edited code sample. 3. See the edited code sample. –

Answer


    Maybe you can try this:

    1. server.xml

    <server description="test"> 
        <featureManager> 
         <feature>jaxrs-2.0</feature> 
         <feature>appSecurity-2.0</feature> 
        </featureManager> 
    
        <webApplication id="RoleTest" location="RoleTest.war" name="RoleTest"> 
         <application-bnd> 
          <security-role name="ANYTHING"> 
           <user name="username" /> 
          </security-role> 
          <security-role name="AuthenticationRole"> 
           <user name="username" /> 
          </security-role> 
          <security-role name="AllAuthenticated"> 
           <special-subject type="ALL_AUTHENTICATED_USERS" /> 
          </security-role> 
         </application-bnd> 
        </webApplication> 
    
        <httpEndpoint httpPort="9081" httpsPort="9444" id="defaultHttpEndpoint" /> 
    
        <basicRegistry id="basic" realm="BasicRegistry"> 
         <user name="username" password="password" /> 
        </basicRegistry> 
    </server> 
    

    2. Java code: create a MyApplication class and a resource class/method with @RolesAllowed:

    import java.util.HashSet;
    import java.util.Set;

    import javax.annotation.security.RolesAllowed;
    import javax.ws.rs.ApplicationPath;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.core.Application;
    import javax.ws.rs.core.Response;

    @ApplicationPath("/")
    public class MyApplication extends Application {
        public MyApplication() {}

        // Register the resource class explicitly instead of relying on class-path scanning
        @Override
        public Set<Class<?>> getClasses() {
            Set<Class<?>> classes = new HashSet<>();
            classes.add(HelloWorld.class);
            return classes;
        }
    }

    @Path("/rest")
    public class HelloWorld {
        @GET
        @RolesAllowed("ANYTHING")   // maps to the ANYTHING security-role bound in server.xml
        public Response hello() {
            return Response.ok("Hello World").build();
        }
    }
    

    3. web.xml

    <web-app xmlns="http://java.sun.com/xml/ns/javaee" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee web-app_3_0.xsd" 
        version="3.0"> 
    
        <display-name>Test Application</display-name> 
        <description>blablabla</description> 
    
        <servlet> 
         <servlet-name>MyApplication</servlet-name> 
         <servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class> 
         <init-param> 
          <param-name>requestProcessorAttribute</param-name> 
          <param-value>requestProcessorAttribute_webcontainer</param-value> 
         </init-param> 
         <load-on-startup>1</load-on-startup> 
        </servlet> 
        <servlet> 
         <servlet-name>com.xxx.MyApplication</servlet-name> 
         <load-on-startup>1</load-on-startup> 
        </servlet> 
    
        <servlet-mapping> 
         <!-- must name a servlet declared above; the original mapping referred to an undeclared "SecurityContextApp" -->
         <servlet-name>MyApplication</servlet-name> 
         <url-pattern>/*</url-pattern> 
        </servlet-mapping> 
        <servlet-mapping> 
         <servlet-name>com.xxx.MyApplication</servlet-name> 
         <url-pattern>/xxx/*</url-pattern> 
        </servlet-mapping> 
    
    
        <security-constraint id="SecurityConstraint_2"> 
         <web-resource-collection id="WebResourceCollection_2"> 
          <web-resource-name>com.xxx.MyApplication 
          </web-resource-name> 
          <description>Protection area for Rest Servlet</description> 
          <url-pattern>/xxx/rest</url-pattern> 
          <http-method>GET</http-method> 
          <http-method>POST</http-method> 
         </web-resource-collection> 
         <user-data-constraint id="UserDataConstraint_2"> 
          <transport-guarantee>NONE</transport-guarantee> 
         </user-data-constraint> 
         <auth-constraint id="AuthConstraint_2"> 
          <role-name>AuthenticationRole</role-name> 
         </auth-constraint> 
        </security-constraint>  
    
    
        <login-config> 
         <auth-method>BASIC</auth-method> 
         <realm-name>test</realm-name> 
        </login-config> 
        <security-role id="SecurityRole_1"> 
         <description>blabla</description> 
         <role-name>ANYTHING</role-name> 
        </security-role> 
    
        <security-role id="SecurityRole_2"> 
         <role-name>AuthenticationRole</role-name> 
        </security-role> 
    
    </web-app> 
    

    Any other questions, leave me a message.
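A quick way to check what the answer's configuration actually hands to the role check, as an added example that is not part of the answer: a small diagnostic resource that reports the container-supplied SecurityContext. The role names come from the answer's server.xml and web.xml; the class name, the /whoami path and the widened url-pattern are my own assumptions. With appSecurity-2.0 the container fills in the SecurityContext from the authenticated subject, so the output shows exactly what @RolesAllowed will evaluate. A principal reported as unauthenticated means the request never passed through a web.xml security-constraint and so was never challenged for BASIC credentials; a role check against an anonymous caller then fails with 403, which matches the symptom in the question.

```java
import java.security.Principal;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

/**
 * Diagnostic resource (example added to this page, not from the answer).
 * Assumes the web.xml security-constraint url-pattern has been widened from
 * /xxx/rest to /xxx/* so that /whoami is also behind the BASIC login-config;
 * otherwise the container never authenticates this request.
 */
@Path("/whoami")
public class WhoAmI {

    // Role names taken from the answer's server.xml application-bnd and web.xml.
    private static final String[] ROLES = {"ANYTHING", "AuthenticationRole", "AllAuthenticated"};

    @GET
    @PermitAll                        // no role required; only shows what the container knows
    @Produces(MediaType.TEXT_PLAIN)
    public Response whoAmI(@Context SecurityContext sc) {
        Principal p = sc.getUserPrincipal();
        StringBuilder sb = new StringBuilder();
        sb.append("principal=").append(p == null ? "<unauthenticated>" : p.getName()).append('\n');
        sb.append("scheme=").append(sc.getAuthenticationScheme()).append('\n');
        sb.append("secure=").append(sc.isSecure()).append('\n');
        for (String role : ROLES) {
            // This is the same call the container's @RolesAllowed check relies on.
            sb.append("inRole(").append(role).append(")=").append(sc.isUserInRole(role)).append('\n');
        }
        return Response.ok(sb.toString()).build();
    }

    @GET
    @Path("/protected")
    @RolesAllowed("ANYTHING")         // should succeed for "username" once the binding above is active
    @Produces(MediaType.TEXT_PLAIN)
    public Response protectedHello(@Context SecurityContext sc) {
        Principal p = sc.getUserPrincipal();
        return Response.ok("Hello " + (p == null ? "anonymous" : p.getName())).build();
    }
}
```

Add WhoAmI.class to MyApplication.getClasses() next to HelloWorld.class. Comparing the /whoami output with and without credentials makes it clear whether a 403 on /whoami/protected comes from a missing role binding (principal present, inRole false) or from the request never being authenticated (principal absent).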
