Jakarta EE: Shiro/CDI injection of the security Principal works on Glassfish but not on Wildfly
I am porting some code from Glassfish 4.1 to Wildfly 10, but I have run into a problem between Shiro/CDI and java.security.Principal.
import java.io.Serializable;
import java.security.Principal;
import javax.enterprise.context.SessionScoped;
import javax.inject.Inject;
import javax.inject.Named;

// simple user interface
public interface User {
    public String getId();
}

// user bean
@Named("user")
@SessionScoped
public class UserBean implements User, Serializable {
    private Principal principal;

    // CDI initializer method: receives the container's built-in Principal bean
    @Inject
    private void initialise(Principal principal) {
        this.principal = principal;
    }

    @Override
    public String getId() {
        return principal.getName();
    }
}

// auth filter runs after shiro filters
public class AuthFilter implements javax.servlet.Filter {
    @Inject
    private User user;

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        log.debug("doFilter: user={}", user.getId());
        ...
    }
}
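What happens is:
- The user requests a secured page
- Shiro intercepts and redirects to the login page
- The user enters credentials (username=admin) and submits the page
- Shiro authenticates and redirects to the original page
- The auth filter is invoked and logs the user principal name
Token authentication successful ... admin
Only the last line differs: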
-- both
[org.apache.shiro.realm.AuthenticatingRealm] AuthenticationInfo caching is disabled for info [admin]. Submitted token: [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false (127.0.0.1)].
[org.apache.shiro.authc.credential.SimpleCredentialsMatcher] Performing credentials equality check for tokenCredentials of type [[C and accountCredentials of type [java.lang.String]
[org.apache.shiro.authc.credential.SimpleCredentialsMatcher] Both credentials arguments can be easily converted to byte arrays. Performing array equals comparison
[org.apache.shiro.authc.AbstractAuthenticator] Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - admin, rememberMe=false (127.0.0.1)]. Returned account [admin]
[org.apache.shiro.subject.support.DefaultSubjectContext] No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup.
[org.apache.shiro.mgt.DefaultSecurityManager] Context already contains a session. Returning.
[org.apache.shiro.subject.support.DefaultSubjectContext] No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup.
[org.apache.shiro.web.servlet.SimpleCookie] Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/tools; Max-Age=0; Expires=Sun, 01-May-2016 10:24:02 GMT]
[org.apache.shiro.mgt.AbstractRememberMeManager] AuthenticationToken did not indicate RememberMe is requested. RememberMe functionality will not be executed for corresponding account.
-- glassfish
[com.example.servlet.AuthFilter] doFilter: user=admin
-- wildfly
[com.example.servlet.AuthFilter] doFilter: user=anonymous
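This quote seems to say that what I am trying to do is correct:
Whenever the injected principal is accessed, it always represents the identity of the current caller
So I am a bit lost as to what is failing here.
Thanks

Try using:
@Resource Principal principal;
instead.

Do you have any update on this? I have a similar problem.
@Dalton No, the whole project was shelved, so we just left it on Glassfish. Cheers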
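
For readers hitting the same anonymous principal, one option is to read the caller's identity from Shiro's own Subject instead of the container-injected java.security.Principal. This is an added example, not code from the question or the answer; it assumes Shiro is the only component authenticating users, and `ShiroUserBean`, `resolveId` and `ANONYMOUS` are hypothetical names.

```java
import java.security.Principal;
import javax.enterprise.context.RequestScoped;
import javax.inject.Named;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

// Same contract as the User interface in the question.
interface User {
    String getId();
}

// Hypothetical replacement for UserBean: resolves the caller from Shiro on
// every call instead of from the container-managed java.security.Principal.
@Named("user")
@RequestScoped
public class ShiroUserBean implements User {

    static final String ANONYMOUS = "anonymous";

    @Override
    public String getId() {
        // Valid only on a thread that passed through the Shiro filter,
        // which binds the Subject for the duration of the request.
        return resolveId(SecurityUtils.getSubject());
    }

    // Fail closed: anything short of a Subject that logged in during this
    // session is reported as anonymous (remembered-only subjects included).
    static String resolveId(Subject subject) {
        if (subject == null || !subject.isAuthenticated()) {
            return ANONYMOUS;
        }
        Object primary = subject.getPrincipal();
        if (primary == null) {
            return ANONYMOUS;
        }
        // Realms may store a String, a Principal, or a domain object.
        if (primary instanceof Principal) {
            return ((Principal) primary).getName();
        }
        return primary.toString();
    }
}
```

Deploy it in place of `UserBean`, not alongside it, since both declare `@Named("user")` and implement `User`.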