Java programmatic login using WildFly Elytron Security
Tags: java, jboss, ejb, wildfly, elytron

I am migrating some legacy applications from JBoss AS 6 to WildFly. Since the legacy (PicketBox) security system is deprecated, I want to switch to Elytron. I followed the quickstart examples and I think I have the configuration set up correctly, but I am running into problems migrating the actual code.

Sometimes we want to authorize a user directly, rather than relying on a call from a client or a servlet. This is especially important in integration tests, where we want to test EJB methods that require specific permissions. Currently, the login method that performs the manual authorization looks like this:
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

// Legacy (PicketBox/JAAS) programmatic login. lc, sessionActivityService, sessionActivityId,
// applicationName and pushSubjectContext() are members of the enclosing class.
public boolean login(String domain, Credentials credentials)
{
    try
    {
        // JAAS login against the named (legacy) security domain
        lc = new javax.security.auth.login.LoginContext(domain,
                new PassiveCallbackHandler(credentials.getUsername(), credentials.getPassword()));
        lc.login();
        Subject subject = lc.getSubject();
        // Push the authenticated principal onto the thread's security context
        pushSubjectContext(credentials.getUsername(), credentials.getPassword());
        if (sessionActivityService != null)
        {
            sessionActivityId = sessionActivityService.activateSession(applicationName, "127.0.0.1");
        }
        return true;
    }
    catch (LoginException e)
    {
        e.printStackTrace();
        return false;
    }
}
When I try to call this method with a security domain defined in the Elytron subsystem, it fails. Debugging through the code, I can see that the LoginContext does not see any security domains from Elytron. Only the legacy (jboss.as:security) domains are visible, so it falls back to the "other" security domain.

Is there any way to do what I want with Elytron?

FYI, here are some snippets from my configuration:

standalone.xml:
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    <security-domains>
        ...
        <security-domain name="TestOptics" default-realm="testRealm" permission-mapper="default-permission-mapper">
            <realm name="testRealm" role-decoder="groups-to-roles"/>
        </security-domain>
    </security-domains>
    <security-realms>
        <identity-realm name="local" identity="$local"/>
        <jdbc-realm name="testRealm">
            <principal-query sql="SELECT password FROM persons WHERE username=?" data-source="TestOpticsDS">
                <clear-password-mapper password-index="1"/>
            </principal-query>
            <principal-query sql="select roles.name,'Roles' from persons join persons_to_roles on persons_to_roles.person_id=persons.id join roles on roles.id=persons_to_roles.role_id where persons.username=? and persons.enabled=1 and persons.password is not null union select 'authenticated','Roles'" data-source="OpticsDS">
                <attribute-mapping>
                    <attribute to="Roles" index="1"/>
                </attribute-mapping>
            </principal-query>
        </jdbc-realm>
        ...
    </security-realms>
    ...
    <http>
        ...
        <http-authentication-factory name="test-http-auth" security-domain="TestOptics" http-server-mechanism-factory="global">
            <mechanism-configuration>
                <mechanism mechanism-name="BASIC">
                    <mechanism-realm realm-name="testRealm"/>
                </mechanism>
            </mechanism-configuration>
        </http-authentication-factory>
        <provider-http-server-mechanism-factory name="global"/>
    </http>
    <sasl>
        ...
        <sasl-authentication-factory name="test-app-sasl-auth" sasl-server-factory="configured" security-domain="TestOptics">
            <mechanism-configuration>
                <mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local"/>
                <mechanism mechanism-name="BASIC">
                    <mechanism-realm realm-name="testRealm"/>
                </mechanism>
            </mechanism-configuration>
        </sasl-authentication-factory>
        ...
    </sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:6.0">
    ...
    <default-security-domain value="other"/>
    <application-security-domains>
        <application-security-domain name="TestOptics" security-domain="TestOptics"/>
    </application-security-domains>
    <default-missing-method-permissions-deny-access value="true"/>
    <statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}"/>
    <log-system-exceptions value="true"/>
</subsystem>
jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web>
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_14_0.xsd" version="14.0">
    <!-- <context-root>person/test</context-root> -->
    <security-domain>TestOptics</security-domain>
</jboss-web>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>TestOptics</realm-name>
    </login-config>
</web-app>
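An added example, not code from the question or from the WildFly project, of the Elytron-native counterpart to the LoginContext method in the question. Elytron security domains are not JAAS login configurations, so a LoginContext cannot find them; authentication goes through org.wildfly.security.auth.server.SecurityDomain instead. The example assumes the test code runs inside a deployment that is mapped to the TestOptics domain (the ejb3 application-security-domain in the standalone.xml snippet), so that SecurityDomain.getCurrent() resolves to it, and that the deployment declares a module dependency on org.wildfly.security.elytron. The class and method names (ElytronLogin, login, callAs, example) are illustrative.

```java
import java.util.concurrent.Callable;

import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/**
 * Programmatic login against the Elytron security domain associated with the
 * calling deployment (assumed: "TestOptics" via application-security-domain).
 * Illustrative class; not part of the original question.
 */
public class ElytronLogin {

    /**
     * Authenticates username/password against the deployment's security domain.
     * Returns the resulting identity, or null when the realm rejects the credentials.
     * Note: PasswordGuessEvidence keeps a reference to the array, and destroy()
     * wipes it, so the caller's password array is zeroed on return.
     */
    public static SecurityIdentity login(String username, char[] password) {
        // Resolves the Elytron domain for the current deployment's class loader.
        // With a security manager enabled this needs ElytronPermission("getSecurityDomain").
        SecurityDomain domain = SecurityDomain.getCurrent();
        if (domain == null) {
            throw new IllegalStateException("No Elytron security domain is associated with this deployment");
        }
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(password);
        try {
            // Runs the realm lookup (here the jdbc-realm queries), evidence verification,
            // the role decoder and the permission mapper configured on the domain.
            return domain.authenticate(username, evidence);
        } catch (RealmUnavailableException e) {
            // Infrastructure failure (e.g. the realm's data source is down), not a bad password:
            // surface it so a test does not mistake an outage for a rejected login.
            throw new IllegalStateException("Security realm unavailable", e);
        } catch (SecurityException e) {
            // Unknown user, wrong password, or identity not authorized by the domain.
            return null;
        } finally {
            // Wipe the password guess as soon as the realm has verified it.
            evidence.destroy();
        }
    }

    /**
     * Runs the action with the given identity as the current identity on this thread.
     * EJB invocations made inside the action are authorized as that identity, so
     * @RolesAllowed / method permissions on the bean apply to it. The identity is
     * scoped to the call; nothing stays "pushed" afterwards.
     */
    public static <T> T callAs(SecurityIdentity identity, Callable<T> action) throws Exception {
        return identity.runAs(action);
    }

    /** Sketch of use from an in-container integration test (protectedEjbCall is hypothetical). */
    public static <T> T example(String user, char[] password, Callable<T> protectedEjbCall) throws Exception {
        SecurityIdentity identity = login(user, password);
        if (identity == null) {
            throw new SecurityException("authentication failed for " + user);
        }
        // Roles come from the realm's role query ("Roles" attribute) through the groups-to-roles decoder;
        // the role query in the question always adds "authenticated" for a valid user.
        if (!identity.getRoles().contains("authenticated")) {
            throw new SecurityException("unexpected role set for " + user);
        }
        return callAs(identity, protectedEjbCall);
    }
}
```

Compared with the JAAS version, the SecurityIdentity replaces the Subject plus pushSubjectContext() pair: there is no separate "push" step, and runAs() undoes the identity switch when the action returns, so a test cannot leak an elevated identity into the next test. The method also distinguishes a realm outage (RealmUnavailableException) from a rejected credential, where the original method reported both as a false return value.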