1
我想让数据库登录模块与Wildfly 10容器中的项目一起工作。wildfly 10数据库登录模块
它还挺工作。
我有一个EJB模块和一个Web模块(war)的EAR项目。这场战争不包含使用远程查找访问它的EJB。
因此,当我访问WAR的受限制部分时,我会正确发送到登录表单(j_security_check)。
当我登录时,我可以看到受限制的部分。
即使当我登录servet的用户时,我也会检查是否有特定的角色。 servlet代码:
final String username = request.getUserPrincipal().getName();
logger.info("Current username acourding to the WEB: {}", request.getUserPrincipal().getName());
logger.info("User has Role user acourding to the WEB: {}", request.isUserInRole("user"));
logger.info("User has Role admin acourding to the WEB: {}", request.isUserInRole("admin"));
登录:
INFO [com.example.web.servlet.DatasetServlet] (default task-5) Current username acourding to the WEB: user
INFO [com.example.web.servlet.DatasetServlet] (default task-5) User has Role user acourding to the WEB: true
INFO [com.example.web.servlet.DatasetServlet] (default task-5) User has Role admin acourding to the WEB: true
INFO [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user
但是当我进入EJB豆这样的:
final String dataset = remote.getActiveDataset(); // this is still the servlet (WAR)
EJB:
final String username = this.ejbContext.getCallerPrincipal().getName();
logger.info("Get active dataset for the user: " + username);
logger.info("User has role 'user' {}", this.ejbContext.isCallerInRole("user"));
logger.info("User has role 'admin' {}", this.ejbContext.isCallerInRole("admin"));
我得到:
Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class
Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule
完整的日志显示此:
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
2016-09-16 22:53:52,724 DEBUG [org.jboss.security] (default task-5) PBOX00293: Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:106)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:207)
at org.jboss.as.naming.InitialContext$DefaultInitialContext.lookup(InitialContext.java:235)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:193)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:189)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.getPolicyRegistrationFromJNDI(EJBAuthorizationHelper.java:353)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:170)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
...
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2016-09-16 22:53:52,727 DEBUG [org.jboss.security] (default task-5) PBOX00282: Failed to instantiate class Database: java.lang.ClassNotFoundException: Database from [Module "deployment.ear.ear.business-ejb-assignment-SNAPSHOT.jar:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:326)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
...
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2016-09-16 22:53:52,728 DEBUG [org.jboss.security] (default task-5) PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:336)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
...
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
TRACE [org.jboss.security.audit] (default task-5) [Error]Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, roleName=user, policyRegistration=null}:method=null:ejbMethodInterface=null:ejbName=DatasetEJB:ejbPrincipal=org.w[email protected]36ebcb:MethodRoles=null:securityRoleReferences=[]:callerSubject=Subject:
Principal: user
Principal: Roles(members:user,admin)
Principal: CallerPrincipal(members:user)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=2.0];Action=authorization;roleRefPermissionCheck=true;Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class;roleName=user;Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;policyRegistration=null;
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO [com.example.business.remote.DatasetEJB] (default task-5) User has role 'user' false
而且我不明白为什么。
我的猜测是安全域配置正确,否则战争将无法正常工作。所以它必须与EJB中缺少的配置有关。
一些额外的信息:
在standalone.xml我有这些设置:
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
...
<default-security-domain value="jdbcejbrick"/>
<default-missing-method-permissions-deny-access value="false"/>
<log-system-exceptions value="true"/>
</subsystem>
而且
<security-domain name="jdbcejbrick" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
<module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
<module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
</login-module>
</authentication>
<authorization>
<policy-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
<module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
<module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
</policy-module>
</authorization>
</security-domain>
我有一个JBoss-ejb3.xml中的src/main// EJB的资源/ META-INF
<?xml version="1.0"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns:sec="urn:security" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd
http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd
urn:security urn:security"
version="3.1" impl-version="2.0">
<assembly-descriptor>
<sec:security>
<ejb-name>*</ejb-name>
<sec:security-domain>jdbcejbrick</sec:security-domain>
</sec:security>
</assembly-descriptor>
</jboss:ejb-jar>
我在的src /主/资源/ EJB的
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar>
<assembly-descriptor>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>
我感觉我是真正的接近的META-INF的ejb-jar.xml中,所以请大家帮忙。
如果您认为警告/错误消息是值得的,请为此创建一个Jira。 – ehsavoie