1. 首頁
  2. 問答
  3. Wicket UI上的PicketBox EJB身份驗證

Wicket UI上的PicketBox EJB身份驗證

2011-11-03 85 views
1

我正在使用EJB(在JBoss上)和Wicket作爲UI層。我添加安全到我的EJB,我security.conf看起來是這樣的:Wicket UI上的PicketBox EJB身份驗證

<application-policy name="my-security-domain"> 
    <authentication> 
     <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> 
      <module-option name="usersProperties">META-INF/users.properties</module-option> 
      <module-option name="rolesProperties">META-INF/roles.properties</module-option> 
     </login-module> 
    </authentication> 
</application-policy>

在UI層,我用作爲PicketBox驗證頁面指示PicketBox驗證:http://community.jboss.org/wiki/PicketBoxAuthentication#PicketBox_Authentication_in_a_JBoss_Application_Server_5_environment

我的檢票AuthenticatedWebSession子類看起來是這樣的:

private Subject subject; 
private SecurityContext securityContext; 

@Override 
public boolean authenticate(String username, 
          String password) 
{ 
    boolean authenticated = false; 
    securityContext = null; 
    SecurityFactory.prepare(); 

    try 
    { 
     String     securityDomainName = "my-security-domain"; 
     String     configFile   = "META-INF/security.conf"; 
     PicketBoxConfiguration idtrustConfig  = new PicketBoxConfiguration(); 
     idtrustConfig.load(configFile); 

     //Note: This is the most important line where you establish a security context 
     securityContext = SecurityFactory.establishSecurityContext(securityDomainName); 
     AuthenticationManager am = securityContext.getAuthenticationManager(); 
     subject = new Subject(); 

     Principal principal = new SimplePrincipal(username); 
     Object credential = new String(password); 
     authenticated = am.isValid(principal, credential, subject); 

     securityContext.getUtil().createSubjectInfo(principal, credential, subject); 
     //You may make call outs to other components here*/ 

     //DEBUG 
     for(Principal p : subject.getPrincipals()) 
     { 
      LOGGER.debug("Principal: " + p.getName()); 
      if(p instanceof Group) 
      { 
       Group       g  = (Group) p; 
       Enumeration<? extends Principal> members = g.members(); 
       while(members.hasMoreElements()) 
       { 
        Principal member = members.nextElement(); 
        LOGGER.debug("Group name: " + member.getName()); 
       } 
      } 
     } 
    } 
    catch(Exception e) 
    { 
     e.printStackTrace(); 
    } 

    return authenticated; 
}

到目前爲止好,我可以從UI的服務器進行身份驗證。但是,從UI層的其他位置對安全EJB的任何後續調用都將以「無效用戶」失敗,儘管我已經通過了身份驗證。

我已經在獨立客戶端測試了身份驗證,並且工作正常,之後我可以調用安全的EJB。

我也試圖通過這篇文章中列出的身份驗證和用戶界面仍然無法調用EJB的安全:http://iocanel.blogspot.com/2010/09/karafs-jaas-modules-in-action.html

任何幫助將不勝感激。

親切的問候,

來源

2011-11-03 Linh

回答

1

MNIE的一位同事建議我看在Web層的安全配置。我用下面的配置解決它:

的jboss-web.xml中:

<jboss-web> 
    <security-domain>java:/jaas/my-security-domain</security-domain> 
</jboss-web>

的web.xml:

<security-constraint> 
    <web-resource-collection> 
     <web-resource-name>My Resource</web-resource-name> 
     <url-pattern>/app/*</url-pattern> 
     <http-method>GET</http-method> 
     <http-method>POST</http-method> 
    </web-resource-collection> 
    <auth-constraint> 
     <role-name>*</role-name> 
    </auth-constraint> 
</security-constraint> 
<login-config> 
    <auth-method>FORM</auth-method> 
    <form-login-config> 
     <form-login-page>/login.html</form-login-page> 
     <form-error-page>/login-error.html</form-error-page> 
    </form-login-config> 
</login-config>

謝謝大家。

Linh

來源

2011-11-07 23:19:41 Linh

相關問題

 相關問題