如何解决在jboss 7.2上部署的应用程序的摘要式身份验证
我已经在jboss7.2上运行的应用程序的web.xml中配置了登录模块
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>newrealm</realm-name>
</login-config>
jboss-web.xml配置了安全域
<jboss-web>
<security-domain>securitydomain1</security-domain>
</jboss-web>
standalone.xml的安全域配置如下
<security-domain name="RPAHttps" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsusers.properties"/>
<module-option name="rolesProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsroles.properties"/>
<module-option name="defaultUsersProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsusers.properties"/>
<module-option name="defaultRolesProperties" value="D:\jboss7\jboss-eap-7.2\standalone\configuration\rpahttpsroles.properties"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="rfc2617"/>
<module-option name="ignorePasswordCase" value="false"/>
<module-option name="hashStorePassword" value="true"/>
<module-option name="hashUserPassword" value="false"/>
<module-option name="passwordIsA1Hash" value="true"/>
<module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
</login-module>
</authentication>
</security-domain>
我生成了如下所示存储在属性文件中的密码
D:\jboss7\jboss-eap-7.2\modules\system\layers\base\org\picketbox\main>java -classpath picketbox-5.0.3.Final-redhat-3.jar org.jboss.security.auth.callback.RFC2617Digest TD-ADMIN new_1015 RPAHttpsRealm
RFC2617 A1 hash: cdb6fe455334228532b07355043afcb6
请注意,我在storeDigestCall back模块选项中给出了相同的值。我曾尝试过其他的回叫课程
我遇到以下错误,请您帮忙
UG [io.undertow.request.security](默认任务2)/ rpaws / services / SearchIPAddressPort使用方法io.undertow.security.impl.CachedAuthenticatedSessionMechanism@234fd496的身份验证结果为NOT_ATTEMPTED 03:19:06,161调试[org.jboss.security](默认任务2)PBOX00281:密码散列已激活,算法:MD5,编码:rfc2617,字符集:null,回调:null,storeCallBack:org.jboss.security.auth .callback.RFC2617摘要 03:19:06,173 DEBUG [org.jboss.security](默认任务2)PBOX00283:用户名TD-ADMIN的密码错误 03:19:06,173调试[org.jboss.security](默认任务2)PBOX00206:登录失败:javax.security.auth.login.FailedLoginException:PBOX00070:密码无效/需要密码 在org.picketbox // org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286) 在org.picketbox // org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171) 在java.base / javax.security.auth.login.LoginContext.invoke(LoginContext.java:726) 在java.base / javax.security.auth.login.LoginContext $ 4.run(LoginContext.java:665) 在java.base / javax.security.auth.login.LoginContext $ 4.run(LoginContext.java:663) 在java.base / java.security.AccessController.doPrivileged(本机方法) 在java.base / javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663) 在java.base / javax.security.auth.login.LoginContext.login(LoginContext.java:574) 在org.picketbox // org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406) 在org.picketbox // org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) 在org.picketbox // org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:323) 在org.picketbox // org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:89) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.digest.DigestAuthenticationMechanism.handleDigestHeader(DigestAuthenticationMechanism.java:312) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.digest.DigestAuthenticationMechanism.authenticate(DigestAuthenticationMechanism.java:170) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:268) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在org.wildfly.extension.undertow@7.2.0.GA-redhat-00005//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81) 在io.undertow.servlet@2.0.15.Final-redhat-00001//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360) 在io.undertow.core@2.0.15.Final-redhat-00001//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830) 在org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) 在org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985) 在org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487) 在org.jboss.threads@2.3.2.Final-redhat-1//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378) 在java.base / java.lang.Thread.run(Thread.java:834)
03:19:06,175调试[io.undertow.request.security](默认任务2),身份验证失败,并显示消息UT000038:身份验证失败,请求用户名'TD-ADMIN'和HttpServerExchange的机制DIGEST {POST / rpaws / services / SearchIPAddressPort请求{Connection = [Keep-Alive],SOAPAction = [“”],Authorization = [Digest username =“ TD-ADMIN”,realm =“ RPAHttpsRealm”,nonce =“ RFQLuAOrMiANMTU5ODIxOTM0NjE1NGdPOKC + 2c1pRogJZWM8eYU “ / rpaws / services / SearchIPAddressPort”,响应=“ a0e500d779a876633b968e0180f3da42”,qop = auth,nc = 00000001,cnonce =“ c18eb749fd10230c”,算法= MD5,opaque =“ 00000000000000000000000000000000000000”],Accept-Encoding = [gzip,放气] Content-Type = [text / xml; charset = UTF-8],Content-Length = [652],User-Agent = [Apache-HttpClient / 4.5.2(Java / 12.0.1)],Host = [localhost: 8080]}响应{Expires = [0],Cache-Control = [no-cache,no-store,must-revalidate],Pragma = [no-cache]}}
解决方法
我一直在为同样的问题苦苦挣扎,但是您对 standalone.xml 文件所做的添加使我可以使用它。这是我如何做到的。希望它可以帮助某人。
这是在 Jboss-EAP 7.2.9 上执行的
- 添加将用于 DIGEST 身份验证的用户和密码。
$ cd ./modules/system/layers/base/org/picketbox/main
$ java -classpath picketbox-5.0.3.Final-redhat-3.jar org.jboss.security.auth.callback.RFC2617Digest username PAssword1234 ApplicationRealm
RFC2617 A1 hash: 03e86946408b9e9c85c7b62f3d811062
- 将用户名和哈希添加到 ./standalone/configuration/application-users.properties 文件
username=03e86946408b9e9c85c7b62f3d811062
- 将角色添加到 ./standalone/configuration/application-roles.properties
username=RoleName
- 在我的应用程序的 jboss-web.xml 文件中
<jboss-web xmlns="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.jboss.com/xml/ns/javaee
http://www.jboss.org/j2ee/schema/jboss-web_5_1.xsd">
<security-domain>filesystemSD</security-domain>
<context-root>rest</context-root>
</jboss-web>
- 在我的应用程序的 web.xml 文件的底部,我添加了以下内容:
<security-constraint>
<web-resource-collection>
<web-resource-name>rest</web-resource-name>
<url-pattern>/rest/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>RoleName</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>RoleName</role-name>
</security-role>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>ApplicationRealm</realm-name>
</login-config>
</web-app>
- 然后我运行了这三个 jboss-cli 命令
/subsystem=security/security-domain=filesystemSD:add
/subsystem=security/security-domain=filesystemSD/authentication=classic:add
/subsystem=security/security-domain=filesystemSD/authentication=classic/login-module=UsersRoles:add(code=UsersRoles,flag=required,module-options=["usersProperties"=>"file:///${jboss.server.config.dir}/application-users.properties",\
"rolesProperties"=>"file:///${jboss.server.config.dir}/application-roles.properties",\
"hashAlgorithm"=>"MD5",\
"hashEncoding"=>"rfc2617",\
"ignorePasswordCase"=>"false",\
"hashStorePassword"=>"true",\
"hashUserPassword"=>"false",\
"passwordIsA1Hash"=>"true",\
"storeDigestCallback"=>"org.jboss.security.auth.callback.RFC2617Digest"])
- 然后重新加载 jboss 并部署应用程序。当用户尝试访问 /rest/ 时,系统会提示他们输入您在步骤 1 中创建的用户名和密码
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。