Jsf Wildfly 11中的表单身份验证回退_Jsf_Active Directory_Wildfly_Spnego

Jsf Wildfly 11中的表单身份验证回退

jsf active-directory

Jsf Wildfly 11中的表单身份验证回退,jsf,active-directory,wildfly,spnego,Jsf,Active Directory,Wildfly,Spnego,我目前有一个可用的SPNEGO配置，可以使用kerberos票证登录。现在我想退回到基于表单的身份验证，使用j_security_检查用户名/密码，并根据AD/LDAP进行身份验证如果我设置了SPNEGO，则表单会重定向到登录页面。现在我不知道如何从这里开始？我的登录表单到底需要一个bean吗，或者这些值是自动传递给服务器的吗？ standalone.xml中需要什么配置非常感谢您的帮助。使用Wildfly 11 我当前的配置： web.xml <security-constrai

我目前有一个可用的SPNEGO配置，可以使用kerberos票证登录。现在我想退回到基于表单的身份验证，使用j_security_检查用户名/密码，并根据AD/LDAP进行身份验证

如果我设置了

SPNEGO，则表单

会重定向到登录页面。现在我不知道如何从这里开始？我的登录表单到底需要一个bean吗，或者这些值是自动传递给服务器的吗？ standalone.xml中需要什么配置

非常感谢您的帮助。使用Wildfly 11

我当前的配置：

web.xml

 <security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
      <web-resource-name>MyApp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
  </login-config>

  <security-role>
    <description>Role required to log in to the Application</description>
    <role-name>*</role-name>
  </security-role>

<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <context-root>/MyApp</context-root>
  <default-encoding>UTF-8</default-encoding>
 <security-domain>SPNEGO</security-domain>
  <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>

<security-domain name="SPNEGO" cache-type="default">
                    <authentication>
                        <login-module code="SPNEGO" flag="required">
                            <module-option name="serverSecurityDomain" value="host"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="host" cache-type="default">
                    <authentication>
                        <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
                            <module-option name="refreshKrb5Config" value="true"/>
                            <module-option name="doNotPrompt" value="true"/>
                            <module-option name="useKeyTab" value="true"/>
                            <module-option name="keyTab" value="${jboss.server.config.dir}/wildfly.keytab"/>
                            <module-option name="storeKey" value="true"/>
                            <module-option name="principal" value="HTTP/me.example.com@EXAMPLE.COM"/>
                            <module-option name="debug" value="true"/>
                        </login-module>
                    </authentication>
                </security-domain>

 <form method="post" action="j_security_check">
            <h:form prependId="false" >
                <h:outputText value="Username"/>
                <p:password id="j_username" value="#{login.username}" />
                <p/>
                <h:outputText value="Passwort"/>
                <p:password id="j_password" value="#{login.password}" />
                <p/>
                <p:commandButton ajax="false" value="Login" action="#{login.login()}" />
            </h:form>
        </form>


会话的安全约束
MyApp
/*
*
斯普尼戈
斯普尼戈
登录到应用程序所需的角色
*

jboss web.xml

 <security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
      <web-resource-name>MyApp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
  </login-config>

  <security-role>
    <description>Role required to log in to the Application</description>
    <role-name>*</role-name>
  </security-role>

<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <context-root>/MyApp</context-root>
  <default-encoding>UTF-8</default-encoding>
 <security-domain>SPNEGO</security-domain>
  <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>

<security-domain name="SPNEGO" cache-type="default">
                    <authentication>
                        <login-module code="SPNEGO" flag="required">
                            <module-option name="serverSecurityDomain" value="host"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="host" cache-type="default">
                    <authentication>
                        <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
                            <module-option name="refreshKrb5Config" value="true"/>
                            <module-option name="doNotPrompt" value="true"/>
                            <module-option name="useKeyTab" value="true"/>
                            <module-option name="keyTab" value="${jboss.server.config.dir}/wildfly.keytab"/>
                            <module-option name="storeKey" value="true"/>
                            <module-option name="principal" value="HTTP/me.example.com@EXAMPLE.COM"/>
                            <module-option name="debug" value="true"/>
                        </login-module>
                    </authentication>
                </security-domain>

 <form method="post" action="j_security_check">
            <h:form prependId="false" >
                <h:outputText value="Username"/>
                <p:password id="j_username" value="#{login.username}" />
                <p/>
                <h:outputText value="Passwort"/>
                <p:password id="j_password" value="#{login.password}" />
                <p/>
                <p:commandButton ajax="false" value="Login" action="#{login.login()}" />
            </h:form>
        </form>


/MyApp
UTF-8
斯普尼戈
真的

standalone.xml

 <security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
      <web-resource-name>MyApp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
  </login-config>

  <security-role>
    <description>Role required to log in to the Application</description>
    <role-name>*</role-name>
  </security-role>

<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <context-root>/MyApp</context-root>
  <default-encoding>UTF-8</default-encoding>
 <security-domain>SPNEGO</security-domain>
  <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>

<security-domain name="SPNEGO" cache-type="default">
                    <authentication>
                        <login-module code="SPNEGO" flag="required">
                            <module-option name="serverSecurityDomain" value="host"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="host" cache-type="default">
                    <authentication>
                        <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
                            <module-option name="refreshKrb5Config" value="true"/>
                            <module-option name="doNotPrompt" value="true"/>
                            <module-option name="useKeyTab" value="true"/>
                            <module-option name="keyTab" value="${jboss.server.config.dir}/wildfly.keytab"/>
                            <module-option name="storeKey" value="true"/>
                            <module-option name="principal" value="HTTP/me.example.com@EXAMPLE.COM"/>
                            <module-option name="debug" value="true"/>
                        </login-module>
                    </authentication>
                </security-domain>

 <form method="post" action="j_security_check">
            <h:form prependId="false" >
                <h:outputText value="Username"/>
                <p:password id="j_username" value="#{login.username}" />
                <p/>
                <h:outputText value="Passwort"/>
                <p:password id="j_password" value="#{login.password}" />
                <p/>
                <p:commandButton ajax="false" value="Login" action="#{login.login()}" />
            </h:form>
        </form>

login.xhtml

 <security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
      <web-resource-name>MyApp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
  </login-config>

  <security-role>
    <description>Role required to log in to the Application</description>
    <role-name>*</role-name>
  </security-role>

<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <context-root>/MyApp</context-root>
  <default-encoding>UTF-8</default-encoding>
 <security-domain>SPNEGO</security-domain>
  <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>

<security-domain name="SPNEGO" cache-type="default">
                    <authentication>
                        <login-module code="SPNEGO" flag="required">
                            <module-option name="serverSecurityDomain" value="host"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="host" cache-type="default">
                    <authentication>
                        <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
                            <module-option name="refreshKrb5Config" value="true"/>
                            <module-option name="doNotPrompt" value="true"/>
                            <module-option name="useKeyTab" value="true"/>
                            <module-option name="keyTab" value="${jboss.server.config.dir}/wildfly.keytab"/>
                            <module-option name="storeKey" value="true"/>
                            <module-option name="principal" value="HTTP/me.example.com@EXAMPLE.COM"/>
                            <module-option name="debug" value="true"/>
                        </login-module>
                    </authentication>
                </security-domain>

 <form method="post" action="j_security_check">
            <h:form prependId="false" >
                <h:outputText value="Username"/>
                <p:password id="j_username" value="#{login.username}" />
                <p/>
                <h:outputText value="Passwort"/>
                <p:password id="j_password" value="#{login.password}" />
                <p/>
                <p:commandButton ajax="false" value="Login" action="#{login.login()}" />
            </h:form>
        </form>

没有看到任何WildFly代码，但这在CMS（容器管理安全）中是不可能的。元素

auth method

是单数，而不是复数

您必须形成一个支持SPNEGO的混合身份验证，然后返回到form auth。但这将是非常棘手的，因为您如何知道客户没有提供SPNEGO票据？您必须为此维护每个连接状态，并重定向到表单。如果您使用

WWW-Authenticate:Negotiate

预先发送表单，则客户端将永远不会重新检索您的资源，并且您的表单也不会踢出它

我建议反对并将

协商

与

基本

相结合。这有点让人头疼。

如果您使用这样的登录表单，它实际上不再是“jsf”表单。用于表单登录wpuld的普通html表单应为“相同”。你试过了吗？不请do@Kukeltje：是的，此问题与必要的wildfly配置有关