Java jdbRealm和基本http:密码登录成功,网页显示403
我创建了一个简单的maven web项目,并尝试使用基本身份验证和JDBream来保护它 在我的glassfish 4.0服务器上,我创建了一个领域并启用了“默认主体到角色映射”。安全日志记录级别设置为最高级 my web.xml如下所示:Java jdbRealm和基本http:密码登录成功,网页显示403,java,basic-authentication,jdb,Java,Basic Authentication,Jdb,我创建了一个简单的maven web项目,并尝试使用基本身份验证和JDBream来保护它 在我的glassfish 4.0服务器上,我创建了一个领域并启用了“默认主体到角色映射”。安全日志记录级别设置为最高级 my web.xml如下所示: <?xml version="1.0" encoding="UTF-8"?> <web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>UserConstraint</display-name>
<web-resource-collection>
<web-resource-name>ApiResource</web-resource-name>
<description/>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>jdbc-realm</realm-name>
</login-config>
<security-role>
<description/>
<role-name>user</role-name>
</security-role>
</web-app>
但是,该页面显示HTTP状态403-禁止。
我不知道。我还尝试了自定义主体角色映射,但也不起作用
Fine: [Web-Security] Setting Policy Context ID: old = null ctxID = security/security
Fine: [Web-Security] hasUserDataPermission perm: ("javax.security.jacc.WebUserDataPermission" "" "GET")
Fine: [Web-Security] hasUserDataPermission isGranted: true
Fine: [Web-Security] Policy Context ID was: security/security
Fine: [Web-Security] Codesource with Web URL: file:/security/security
Fine: [Web-Security] Checking Web Permission with Principals : null
Fine: [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine: [Web-Security] hasResource isGranted: false
Fine: [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
Fine: Logging in user [joost] into realm: jdbc-realm using JAAS module: jdbcRealm
Fine: Login module initialized: class com.sun.enterprise.security.ee.auth.login.JDBCLoginModule
Finest: JDBC login succeeded for: joost groups:[users]
Fine: JAAS login complete.
Fine: JAAS authentication committed.
Fine: Password login succeeded for : joost
Fine: Set security context as user: joost
Fine: [Web-Security] Policy Context ID was: security/security
Fine: [Web-Security] Generating a protection domain for Permission check.
Fine: [Web-Security] Checking with Principal : joost
Fine: [Web-Security] Checking with Principal : users
Fine: [Web-Security] Codesource with Web URL: file:/security/security
Fine: [Web-Security] Checking Web Permission with Principals : joost, users
Fine: [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine: [Web-Security] hasResource isGranted: false
Fine: [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Fine: [Web-Security] Policy Context ID was: security/security
Fine: [Web-Security] hasUserDataPermission perm: ("javax.security.jacc.WebUserDataPermission" "" "GET")
Fine: [Web-Security] hasUserDataPermission isGranted: true
Fine: [Web-Security] Policy Context ID was: security/security
Fine: [Web-Security] Codesource with Web URL: file:/security/security
Fine: [Web-Security] Checking Web Permission with Principals : null
Fine: [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine: [Web-Security] hasResource isGranted: false
Fine: [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
Fine: Logging in user [joost] into realm: jdbc-realm using JAAS module: jdbcRealm
Fine: Login module initialized: class com.sun.enterprise.security.ee.auth.login.JDBCLoginModule
Finest: JDBC login succeeded for: joost groups:[users]
Fine: JAAS login complete.
Fine: JAAS authentication committed.
Fine: Password login succeeded for : joost
Fine: Set security context as user: joost
Fine: [Web-Security] Policy Context ID was: security/security
Fine: [Web-Security] Codesource with Web URL: file:/security/security
Fine: [Web-Security] Checking Web Permission with Principals : joost, users
Fine: [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest: JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine: [Web-Security] hasResource isGranted: false
Fine: [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Fine: FileRealm : file=C:\Users\Joost\School\S6\SOP\development_server\glassfish\domains\domain1\config\admin-keyfile
Fine: FileRealm : jaas-context=ignore
Fine: Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
Fine: File login succeeded for: admin
Fine: JAAS login complete.
Fine: JAAS authentication committed.