Java: How to configure simple authentication in JBoss 7.1


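I am working on a project written in pure JSP (scriptlets), without any framework.

JBoss version: jboss-as-7.1.0.Final

I am now trying to add simple authentication on top of it, so that when a user tries to browse a JSP, say http://localhost/myContextPath/hello.jsp, they first need to log in.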

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<jboss-web>
<security-domain>other</security-domain>
</jboss-web>
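roles.properties (placed under the webapp's classes folder)

After all these modifications, I tried browsing my hello JSP. It works as usual. No authentication, and no exception.

I am not sure whether I am heading in the right direction, or whether security-constraint is a completely different thing.
Please help, thanks.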

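I don't think the JBoss configuration needs to be changed, because if you later want to change the server container, the configuration would need to change too. Instead, use the session object to check whether a session already exists. If it doesn't, redirect the page to the login page. This returns the current session: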

request.getSession()

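In the login page, set the current session as an attribute:

session.setAttribute("sess", request.getSession());


With this comparison, the user will not be able to access any other page directly.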

Just follow the steps below to set up basic authentication for 7.1

Try this

Configure web.xml. This worked for me

This worked for me. Add this to web.xml:

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>HtmlAuth</web-resource-name>
        <description>application security constraints
        </description>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>

Then add or create jboss-web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>

Add the user to JBoss: C:\jboss\jboss-eap-6.2\bin>add-user.bat

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : testid
User 'testid' already exits, would you like to update the existing user password
 and roles
Is this correct yes/no? yes
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated
list, or leave blank for none)[user]: user,Manager
Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\standalone\configuration\a
pplication-users.properties'
Updated user 'testid' to file 'C:\jboss\jboss-eap-6.2\domain\configuration\appli
cation-users.properties'
Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\s
tandalone\configuration\application-roles.properties'
Updated user 'testid' with groups user,Manager to file 'C:\jboss\jboss-eap-6.2\d
omain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS pr
ocess?
 e.g. for a slave host controller connecting to the master or for a Remoting conn
ection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <sec
ret value="TWF2ZXJpY2sjMDE=" />
Press any key to continue . . .
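
An added example, not code from any of the posts above: a Python audit of web.xml that reports a security-constraint with no auth-constraint, the difference between the question's descriptor and the one in this answer. It goes beyond the thread by also flagging roles missing from security-role and explicit http-method lists, since under the Servlet specification a constraint with such a list covers only the listed methods. The sample descriptors are constructed from the page's snippets (method list shortened), and the function name and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the page (http-method list shortened).
QUESTION_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>All Access</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config></web-app>"""

ANSWER_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>HtmlAuth</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method>
  <realm-name>ApplicationRealm</realm-name></login-config>
<security-role><role-name>user</role-name></security-role></web-app>"""

def _all(elem, name):
    """Descendants with the given local name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit_web_xml(text):
    """Return (code, web-resource-name) findings for a web.xml descriptor."""
    root = ET.fromstring(text)
    declared = {(r.text or "").strip() for s in _all(root, "security-role")
                for r in _all(s, "role-name")}
    findings = []
    for sc in _all(root, "security-constraint"):
        names = _all(sc, "web-resource-name")
        name = (names[0].text or "").strip() if names else "?"
        if not _all(sc, "auth-constraint"):  # no role required: no login prompt
            findings.append(("NO_AUTH_CONSTRAINT", name))
        for role in _all(sc, "role-name"):
            if (role.text or "").strip() not in declared | {"*"}:
                findings.append(("UNDECLARED_ROLE", name))
        if _all(sc, "http-method"):  # unlisted methods are outside the constraint
            findings.append(("METHOD_LIST", name))
    if not _all(root, "auth-method"):
        findings.append(("NO_LOGIN_CONFIG", "-"))
    return findings
```
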

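For some reason, I want different access control for the webapp on different JBoss instances. That is why I am trying to configure it in the JBoss configuration. Does security-constraint work as well?

As far as I know, you need to use auth-constraint inside security-constraint. Please try the following link: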
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>

<security-role>
    <role-name>user</role-name>
</security-role>
<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>
C:\dev\jboss-eap-6.2\bin>add-user

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : johngalt
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: user
About to add user 'johngalt' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-users.properties'
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-users.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-roles.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
Press any key to continue . . .

C:\dev\jboss-eap-6.2\bin>