Java: How to catch the FailedLoginException from Picketbox/Undertow on Wildfly 8 in order to apply CORS
With the help of a ContainerResponseFilter I am able to apply CORS headers to all outgoing responses, and with an ExceptionMapper I can do the same for all errors and exceptions, except for any authentication-related exception that Picketbox/Undertow throws in Wildfly. No matter what I try, my ExceptionMapper never catches it, so the frontend cannot read the 401 status because the response has no CORS headers attached (the XHR HTTP status code simply becomes 0).

I am authenticating against a MySQL database using a PBKDF2 setup. At first I thought my application could not catch it because authentication runs in a separate module, but even after moving all the authentication code into my own application I get the same problem.

This is the log entry I get when I try to authenticate with a wrong password (when I send no credentials at all I get a very similar entry):

2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000224: End getAppConfigurationEntry(PBKDF2DatabaseDomain), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: com.example.myapplication.security.SaltedDatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=dsJndiName, value=java:/user
name=principalsQuery, value=SELECT Hash FROM account WHERE ID=?
name=rolesQuery, value=SELECT Role, 'Roles' FROM account WHERE ID=?

2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000236: Begin initialize method
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000262: Module options [dsJndiName: java:/user, principalsQuery: SELECT Hash FROM account WHERE ID=?, rolesQuery: SELECT Role, 'Roles' FROM account WHERE ID=?, suspendResume: true]
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000240: Begin login method
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000263: Executing query SELECT Hash FROM account WHERE ID=? with username 1@2.se
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000283: Bad password for username 1@2.com
2014-11-29 16:11:08,062 TRACE [org.jboss.security] (default task-4) PBOX000244: Begin abort method
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_25]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_25]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_25]
    at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_25]
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_25]
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_25]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
    at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
    at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:110) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
    at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Fina
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

@Provider
public class NotAuthorizedExceptionMapper implements ExceptionMapper<Throwable> {

    @Override
    public Response toResponse(Throwable exception) {
        // Map every unhandled throwable to 401 and attach the CORS headers by hand.
        Response response = Response.status(Response.Status.UNAUTHORIZED).build();
        response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
        response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
        response.getHeaders().putSingle("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, allow, content-length, date, last-modified");
        return response;
    }
}
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
    <buffer-cache name="default"/>
    <server name="default-server">
        <https-listener name="default" socket-binding="https" security-realm="ApplicationRealm"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="cors-origin"/>
            <filter-ref name="cors-methods"/>
            <filter-ref name="cors-headers"/>
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="cors-origin" header-name="Access-Control-Allow-Origin" header-value="your-domain-here.com"/>
        <response-header name="cors-methods" header-name="Access-Control-Allow-Methods" header-value="OPTIONS, GET, POST, PUT, DELETE"/>
        <response-header name="cors-headers" header-name="Access-Control-Allow-Headers" header-value="origin, content-type, accept, authorization, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, allow, content-length, date, last-modified, if-modified-since"/>
    </filters>
</subsystem>
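Why the ExceptionMapper never sees the FailedLoginException is visible in the stack trace above: BasicAuthenticationMechanism and SecurityContextImpl reject the request inside Undertow before it reaches the servlet or JAX-RS layer, so only something hooked in at that level can decorate the 401. The Undertow subsystem configuration above does that with response-header filters in standalone.xml; the following is an added example (not code from the question, the answer or the Undertow project) of doing the same from inside the deployment with a ServletExtension, against the Undertow 1.0 API the trace shows. The class name, package, the ALLOWED_ORIGINS placeholder and the header lists are assumptions.

```java
package com.example.myapplication.cors;

import io.undertow.servlet.ServletExtension;
import io.undertow.servlet.api.DeploymentInfo;
import io.undertow.util.Headers;
import io.undertow.util.HttpString;
import io.undertow.util.Methods;
import javax.servlet.ServletContext;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example, not code from the question or the answer. Register it by listing the
// class name in META-INF/services/io.undertow.servlet.ServletExtension of the deployment.
public class CorsServletExtension implements ServletExtension {

    // Assumed allow-list with a placeholder origin. Browsers compare the full origin, scheme
    // included, and an explicit origin avoids handing "*" to every site once the
    // Authorization header is involved.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("https://your-domain-here.com"));

    private static final HttpString ALLOW_ORIGIN  = new HttpString("Access-Control-Allow-Origin");
    private static final HttpString ALLOW_METHODS = new HttpString("Access-Control-Allow-Methods");
    private static final HttpString ALLOW_HEADERS = new HttpString("Access-Control-Allow-Headers");

    @Override
    public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
        // Initial handler chain wrappers sit in front of the security handlers Undertow installs,
        // so this runs before BasicAuthenticationMechanism can answer the request with 401.
        deploymentInfo.addInitialHandlerChainWrapper(next -> exchange -> {
            String origin = exchange.getRequestHeaders().getFirst(Headers.ORIGIN);
            if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
                exchange.getResponseHeaders().put(ALLOW_ORIGIN, origin);
                exchange.getResponseHeaders().put(ALLOW_METHODS, "OPTIONS, GET, POST, PUT, DELETE");
                exchange.getResponseHeaders().put(ALLOW_HEADERS, "origin, content-type, accept, authorization");
                exchange.getResponseHeaders().put(Headers.VARY, "Origin");
                // Answer the preflight here: the browser sends it without the Authorization
                // header, so letting it reach Basic auth would only produce another 401.
                if (Methods.OPTIONS.equals(exchange.getRequestMethod())) {
                    exchange.setResponseCode(204);
                    exchange.endExchange();
                    return;
                }
            }
            next.handleRequest(exchange);
        });
    }
}
```

A failed Basic login still produces the 401 from the trace, but it now carries the CORS headers for an allowed origin, so the XHR reports 401 instead of 0.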