Wildfly 10 database login module
I am trying to get the Database login module working with my project in the Wildfly 10 container.
I followed this tutorial: https://www.examsmyantra.com/article/119/javaee/form-based-login-authentication-in-javaee7-with-wildfly-and-mysql
And it is kind of working.
I have an EAR project with an EJB module and a web module (WAR). The WAR does not contain the EJB; it accesses it through remote lookup.
So when I access a restricted part of the WAR, I am correctly sent to the login form (j_security_check).
When I log in, I can see the restricted part.
Also, when I enter a servlet, log which user I am, and check whether I have a certain role, it works. Servlet code:
final String username = request.getUserPrincipal().getName();
logger.info("Current username acourding to the WEB: {}", request.getUserPrincipal().getName());
logger.info("User has Role user acourding to the WEB: {}", request.isUserInRole("user"));
logger.info("User has Role admin acourding to the WEB: {}", request.isUserInRole("admin"));
Log:
INFO [com.example.web.servlet.DatasetServlet] (default task-5) Current username acourding to the WEB: user
INFO [com.example.web.servlet.DatasetServlet] (default task-5) User has Role user acourding to the WEB: true
INFO [com.example.web.servlet.DatasetServlet] (default task-5) User has Role admin acourding to the WEB: true
INFO [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user
But when I enter the EJB bean like this:
final String dataset = remote.getActiveDataset(); // this is still the servlet (WAR)
EJB:
final String username = this.ejbContext.getCallerPrincipal().getName();
logger.info("Get active dataset for the user: " + username);
logger.info("User has role 'user' {}", this.ejbContext.isCallerInRole("user"));
logger.info("User has role 'admin' {}", this.ejbContext.isCallerInRole("admin"));
I get:
Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class
Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule
The full log shows this:
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO [com.example.business.remote.DatasetEJB] (default task-5) Get active dataset for the user: user
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
2016-09-16 22:53:52,724 DEBUG [org.jboss.security] (default task-5) PBOX00293: Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:106)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:207)
at org.jboss.as.naming.InitialContext$DefaultInitialContext.lookup(InitialContext.java:235)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:193)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:189)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.getPolicyRegistrationFromJNDI(EJBAuthorizationHelper.java:353)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:170)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
...
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2016-09-16 22:53:52,727 DEBUG [org.jboss.security] (default task-5) PBOX00282: Failed to instantiate class Database: java.lang.ClassNotFoundException: Database from [Module "deployment.ear.ear.business-ejb-assignment-SNAPSHOT.jar:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
at org.jboss.modules.ConcurrentClassLoader.performLoadClassUnchecked(ConcurrentClassLoader.java:363)
at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:351)
at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:93)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:326)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
...
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2016-09-16 22:53:52,728 DEBUG [org.jboss.security] (default task-5) PBOX00326: isCallerInRole processing failed: java.lang.IllegalStateException: PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:336)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.initializeModules(JBossAuthorizationContext.java:205)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:141)
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:438)
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
at org.jboss.as.security.service.SimpleSecurityManager.isCallerInRole(SimpleSecurityManager.java:229)
at org.jboss.as.ejb3.component.EJBComponent.isCallerInRole(EJBComponent.java:400)
at org.jboss.as.ejb3.context.EJBContextImpl.isCallerInRole(EJBContextImpl.java:115)
at com.example.business.remote.DatasetEJB.getActiveDataset(DatasetEJB.java:225)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
...
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
TRACE [org.jboss.security.audit] (default task-5) [Error]Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={roleRefPermissionCheck=true, roleName=user, policyRegistration=null}:method=null:ejbMethodInterface=null:ejbName=DatasetEJB:ejbPrincipal=org.w[email protected]36ebcb:MethodRoles=null:securityRoleReferences=[]:callerSubject=Subject:
Principal: user
Principal: Roles(members:user,admin)
Principal: CallerPrincipal(members:user)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=2.0];Action=authorization;roleRefPermissionCheck=true;Exception:=PBOX00071: Failed to instantiate interface org.jboss.security.authorization.AuthorizationModule class;roleName=user;Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;policyRegistration=null;
TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: {}
INFO [com.example.business.remote.DatasetEJB] (default task-5) User has role 'user' false
And I don't understand why.
My guess is that the security domain is configured correctly, because otherwise the WAR would not work. So it must have something to do with a missing configuration in the EJB.
Some additional information:
In the standalone.xml I have these settings:
<subsystem xmlns="urn:jboss:domain:ejb3:4.0">
...
<default-security-domain value="jdbcejbrick"/>
<default-missing-method-permissions-deny-access value="false"/>
<log-system-exceptions value="true"/>
</subsystem>
And
<security-domain name="jdbcejbrick" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
<module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
<module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
</login-module>
</authentication>
<authorization>
<policy-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/poc-ejb-alg"/>
<module-option name="rolesQuery" value="SELECT a.NAME, 'Roles' FROM AUTHORIZATIONS a LEFT JOIN AUTHORIZATION_USER au on au.AUTHORIZATION_ID = a.ID LEFT JOIN AUTHORIZATION_USER_GROUP aug on aug.AUTHORIZATION_ID = a.ID LEFT JOIN USER_GROUPS ug on aug.GROUP_ID = ug.ID LEFT JOIN USER_USER_GROUP uug on ug.ID = uug.GROUP_ID LEFT JOIN USERS u on (au.USER_ID = u.ID) or (uug.USER_ID = u.ID) WHERE u.NAME=?"/>
<module-option name="principalsQuery" value="select PASSWORD from USERS where NAME=?"/>
</policy-module>
</authorization>
</security-domain>
I have a jboss-ejb3.xml in src/main/resources/META-INF of the EJB
I have an ejb-jar.xml in src/main/resources/META-INF of the EJB
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar>
<assembly-descriptor>
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
</assembly-descriptor>
</ejb-jar>
I feel that I am really close, so please help.
Create a Jira about it if you think the warning/error message is worth it. – ehsavoie
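Added example, not part of the original question or comment: a small Python triage script that reads the PBOX00282 entry in the trace, reports which PicketBox layer tried to load the failing class, and checks whether that name is configured as a `policy-module` code in the security domain. The function names are hypothetical, both inputs are constructed samples shortened from the question, and the domain XML is assumed to carry no namespace.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the PBOX00282 entry from the trace above.
SAMPLE_LOG = """\
2016-09-16 22:53:52,727 DEBUG [org.jboss.security] (default task-5) PBOX00282: Failed to instantiate class Database: java.lang.ClassNotFoundException: Database from [Module "deployment.ear.ear.business-ejb-assignment-SNAPSHOT.jar:main" from Service Module Loader]
at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:198)
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.instantiateModule(JBossAuthorizationContext.java:326)
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.isCallerInRole(EJBAuthorizationHelper.java:187)
INFO [com.example.business.remote.DatasetEJB] (default task-5) User has role 'user' false
"""

# Constructed sample: the question's security domain with the module options left out.
SAMPLE_DOMAIN = """\
<security-domain name="jdbcejbrick" cache-type="default">
  <authentication><login-module code="Database" flag="required"/></authentication>
  <authorization><policy-module code="Database" flag="required"/></authorization>
</security-domain>
"""

FAILED = re.compile(r"PBOX00282: Failed to instantiate class (\S+):")
FRAME = re.compile(r"^\s*at org\.jboss\.security\.plugins\.([a-z]+)\.\S+\(")

def failed_modules(log):
    """Return [(class_name, picketbox_package)] for each PBOX00282 entry."""
    results, current = [], None
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:
            current = [m.group(1), None]
            results.append(current)
            continue
        f = FRAME.match(line)
        if f and current and current[1] is None:
            current[1] = f.group(1)      # first PicketBox frame names the layer
        elif not line.lstrip().startswith("at "):
            current = None               # a non-frame line ends this stack trace
    return [tuple(r) for r in results]

def policy_modules_matching(domain_xml, failures):
    """(domain, code) for policy-modules whose code failed to load during authorization."""
    root = ET.fromstring(domain_xml)
    bad = {name for name, layer in failures if layer == "authorization"}
    return [(root.get("name"), pm.get("code"))
            for pm in root.iter("policy-module") if pm.get("code") in bad]

if __name__ == "__main__":
    failures = failed_modules(SAMPLE_LOG)
    print(failures, policy_modules_matching(SAMPLE_DOMAIN, failures))
```
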