2011-12-15 86 views
6

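For a RESTful enterprise application, I need all calls to be authenticated, but I cannot provide a common group/role that all users of the system have. I authenticate and authorize through LDAP (which should not make any difference for this question).

Authentication without a role in web.xml on JBoss AS 7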

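If I comment out the elements, as shown in the web.xml below, I get no authentication at all. How can I authenticate without requiring a common role? Also, an empty auth-constraint does not work.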

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 
    <context-param> 
     <!-- fpe: This one is necessary. --> 
     <param-name>resteasy.role.based.security</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>Resteasy</web-resource-name> 
      <url-pattern>/*</url-pattern> 
      <http-method>GET</http-method> 
      <http-method>POST</http-method> 
      <http-method>PUT</http-method> 
      <http-method>DELETE</http-method> 
     </web-resource-collection> 
<!--  <auth-constraint> --> 
<!--   <role-name>*</role-name> --> 
<!--  </auth-constraint> --> 
     <user-data-constraint> 
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 
    <login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name>Login</realm-name> 
    </login-config> 
<!-- <security-role> --> 
<!--  <role-name>the_common_role</role-name> --> 
<!-- </security-role> --> 
</web-app> 

Using * does the trick:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 
    <context-param> 
     <!-- fpe: This one is necessary. --> 
     <param-name>resteasy.role.based.security</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>Resteasy</web-resource-name> 
      <url-pattern>/*</url-pattern> 
      <http-method>GET</http-method> 
      <http-method>POST</http-method> 
      <http-method>PUT</http-method> 
      <http-method>DELETE</http-method> 
     </web-resource-collection> 
     <auth-constraint> 
      <role-name>*</role-name> 
     </auth-constraint> 
     <user-data-constraint> 
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 
    <login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name>Login</realm-name> 
    </login-config> 
    <security-role> 
     <role-name>*</role-name> 
    </security-role> 
</web-app> 

Answers

6

The answer was appended to the question.
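The three `auth-constraint` variants discussed above (commented out, empty, and `*`) can be told apart mechanically. The following is an added example, not part of the original post: a small Python audit whose function name `audit_web_xml` and finding labels are hypothetical, run over constructed descriptors modelled on the ones in the question. It goes slightly beyond the question by also flagging constraints that enumerate `http-method`, since under the Servlet specification methods not listed are not covered by that constraint.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}  # web-app 3.0 namespace used on this page

def audit_web_xml(xml_text):
    """Return (web-resource-name, finding) tuples for each security-constraint."""
    findings = []
    for sc in ET.fromstring(xml_text).findall("j:security-constraint", NS):
        name = sc.findtext("j:web-resource-collection/j:web-resource-name", "?", NS)
        auth = sc.find("j:auth-constraint", NS)
        if auth is None:
            # No auth-constraint: the container never asks for credentials.
            findings.append((name, "no-auth-constraint"))
        else:
            roles = [r.text.strip() for r in auth.findall("j:role-name", NS) if r.text]
            if not roles:
                # Servlet spec: a constraint naming no roles permits no access at all.
                findings.append((name, "empty-auth-constraint-denies-all"))
            elif "*" in roles:
                # Servlet 3.0: "*" is shorthand for all roles declared in the descriptor.
                findings.append((name, "any-declared-role"))
            else:
                findings.append((name, "roles:" + ",".join(roles)))
        methods = [m.text.strip()
                   for m in sc.findall("j:web-resource-collection/j:http-method", NS)]
        if methods:
            # Listing methods leaves every other method outside this constraint.
            findings.append((name, "unlisted-methods-uncovered:" + ",".join(methods)))
    return findings

# Constructed sample descriptors (shortened from the web.xml in the question).
TEMPLATE = """<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Resteasy</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    %s
  </security-constraint>
</web-app>"""
BEFORE = TEMPLATE % "<!-- auth-constraint commented out -->"
EMPTY = TEMPLATE % "<auth-constraint/>"
AFTER = TEMPLATE % "<auth-constraint><role-name>*</role-name></auth-constraint>"

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("empty", EMPTY), ("after", AFTER)):
        print(label, audit_web_xml(doc))
```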