Glassfish LoginException: Login failed: Security Exception
I am trying to set up container-managed security using GlassFish v3.1.1 Build 12 and JSF 2.1. For some reason I keep getting the following exception and cannot log in:
WARNING: WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
WARNING: Exception
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:394)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:240)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:153)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:512)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:453)
at org.apache.catalina.connector.Request.login(Request.java:1932)
at org.apache.catalina.connector.Request.login(Request.java:1895)
at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1146)
at com.perpro.controller.MemberBean.doNavigation(MemberBean.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.el.parser.AstValue.invoke(AstValue.java:234)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.security.auth.login.LoginException: Security Exception
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:382)
... 56 more
Caused by: java.lang.SecurityException
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
... 62 more
SEVERE: javax.servlet.ServletException: Exception thrown while attempting to authenticate for user: admin
at org.apache.catalina.connector.Request.login(Request.java:1964)
at org.apache.catalina.connector.Request.login(Request.java:1895)
at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1146)
at com.perpro.controller.MemberBean.doNavigation(MemberBean.java:354)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.el.parser.AstValue.invoke(AstValue.java:234)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:56)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:794)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1259)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1539)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:217)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:98)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:91)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:162)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:330)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:174)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:828)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:725)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1019)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:225)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: javax.servlet.ServletException: Failed login while attempting to authenticate user: admin
at org.apache.catalina.connector.Request.login(Request.java:1935)
... 51 more
web.xml:
<security-constraint>
<display-name>UserConstraints</display-name>
<web-resource-collection>
<web-resource-name>Pages</web-resource-name>
<description/>
<url-pattern>/home.jsf</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>USER</role-name>
<role-name>ADMINISTRATOR</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<display-name>AdminConstraints</display-name>
<web-resource-collection>
<web-resource-name>Pages</web-resource-name>
<description/>
<url-pattern>/home.jsf</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINISTRATOR</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>PerProUserAuth</realm-name>
<form-login-config>
<form-login-page>/index.jsf</form-login-page>
<form-error-page>/index.jsf?error=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>USER</role-name>
</security-role>
<security-role>
<description/>
<role-name>ADMINISTRATOR</role-name>
</security-role>
glassfishweb.xml:
<security-role-mapping>
<role-name>ADMINISTRATOR</role-name>
<group-name>Internal</group-name>
<group-name>External</group-name>
</security-role-mapping>
<security-role-mapping>
<role-name>USER</role-name>
<group-name>Internal</group-name>
<group-name>External</group-name>
</security-role-mapping>
GlassFish admin console realm settings:
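Realm Name: PerProUserAuth
Class Name: com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm
JAAS Context: jdbcRealm
JNDI: MyDS
User Table: 用户
User Name Column: mem_id
Password Column: 密码
Group Table: 用户
Group Name Column: 成员状态
Digest Algorithm: SHA-256
Encoding: Base64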
Finally, my user table has a mem_id "admin" and a SHA-256, Base64-encoded password (plaintext: admin): JIkcSMs4aijfwzpVjZ0MbzgWmoieGm7fxF0pTmH+cUI=

Just a guess: I would try using
jgl25bvbbw96qi9te4v37fnqchz/Eu4qB9vKrRIqRg=
as the hash of the password admin:
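// MessageDigest is in the JDK; Base64 here is the Apache Commons Codec class
import java.security.MessageDigest;
import org.apache.commons.codec.binary.Base64;

// Single SHA-256 round over the password, then Base64-encode the raw digest
final MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
final byte[] bin = messageDigest.digest("admin".getBytes());
System.out.println(Base64.encodeBase64String(bin));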
(Base64 is from)
Another idea: try the hash 8C6976E5B54104154BDE908BD4DEE15DFB167A9C873FC4BB8A81F6F2AB448A918 (password: admin) with Hex encoding. It was generated with the following:
final String hash = DigestUtils.sha256Hex("admin");
System.out.println(hash);
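FINE: JAAS authentication aborted.
FINEST: doPasswordLogin fails

I updated the password in the database and changed the GlassFish realm encoding to Base64, but I still get the same error. You did make me realize that I was hashing in a loop, so +1. I now get the same hash as you after hashing only once. My algorithm looks about the same as yours, except for the loop I forgot to take out. Any other ideas?

You just updated the encoding to Base64? The question says it is Base64 :-) Anyway, please check the update.

Thanks! Using the Apache codec API did the trick! I don't know why the manual algorithm that you and I came up with doesn't work, but DigestUtils works great. I kept switching between Base64 and Hex and updating the password in the database to match. I happened to be using Hex at the time. Thanks.

Actually, now that I look at it again, my manual approach returns the same hex string as above: Hex.encodeHexString(btPass); not sure what changed.

@Adam Fisher: I'm confused: which password is used with the realm settings above?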
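
The thread above turns on whether the stored value is a single SHA-256 round, written in the encoding the realm is configured for. As an added example (not code from the post or from GlassFish; the class and method names are hypothetical, and it uses the JDK's java.util.Base64 instead of Commons Codec), this classifies a stored value by shape and compares it with a single-round digest of the candidate password:

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example; class and method names are hypothetical, not GlassFish code.
public class RealmDigestCheck {

    // Hash the password `rounds` times. The answer's snippet is one round.
    static byte[] sha256(String password, int rounds) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] out = password.getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < rounds; i++) {
            out = md.digest(out); // digest() resets md, so it can be reused
        }
        return out;
    }

    // Render a 32-byte digest in the given encoding ("Hex" or "Base64").
    static String encode(byte[] digest, String encoding) {
        return "Hex".equals(encoding)
                ? String.format("%064x", new BigInteger(1, digest))
                : Base64.getEncoder().encodeToString(digest);
    }

    // Classify by shape: a SHA-256 digest is 64 hex chars, or 43 Base64 chars plus '='.
    static String guessEncoding(String stored) {
        if (stored.matches("[0-9a-fA-F]{64}")) return "Hex";
        if (stored.matches("[A-Za-z0-9+/]{43}=")) return "Base64";
        return "unknown";
    }

    // True when `stored` is the single-round digest of `password` in `encoding`.
    static boolean matches(String stored, String password, String encoding) throws NoSuchAlgorithmException {
        String expected = encode(sha256(password, 1), encoding);
        return "Hex".equals(encoding) ? expected.equalsIgnoreCase(stored) : expected.equals(stored);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored = "JIkcSMs4aijfwzpVjZ0MbzgWmoieGm7fxF0pTmH+cUI="; // from the question
        String shape = guessEncoding(stored);
        System.out.println("stored value looks like: " + shape);
        System.out.println("single-round match for 'admin': " + matches(stored, "admin", shape));
        System.out.println("expected Base64: " + encode(sha256("admin", 1), "Base64"));
        System.out.println("expected Hex:    " + encode(sha256("admin", 1), "Hex"));
        System.out.println("two rounds:      " + encode(sha256("admin", 2), "Base64"));
    }
}
```

A value with the right shape that still fails the single-round comparison points at how the hash was produced (for example an extra loop) and not at the realm's Encoding setting.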