Javaee Jboss j_security_check 登录总是失败

Posted 2023-02-22

【中文标题】Javaee Jboss j_security_check 登录总是失败

【英文标题】：Javaee Jboss j_security_check login always fails

【发布时间】：2017-07-16 09:19:10

【问题描述】：

我想为我的 Java EE 项目做一个简单的 j_security_check 登录，我发现这个 Tutorial 用 WildFly 服务器设置它，但还不能让它工作。每次我尝试登录时，都会被重定向到错误页面。

这是我的代码：

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web version="8.0" xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/schema/jbossas/jboss-web_8_0.xsd">
  <security-domain>testDSSS</security-domain>
</jboss-web>

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>test123.xhtml</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection>
          <web-resource-name>administrator</web-resource-name>
          <url-pattern>/pages/admin/*</url-pattern>
          <http-method>POST</http-method>
          <http-method>GET</http-method>
          <http-method>PUT</http-method>
          <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>ADMINISTRATOR</role-name>
        </auth-constraint>
    </security-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>user</web-resource-name>
            <url-pattern>/pages/user/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>ADMINISTRATOR</role-name>
          <role-name>USER</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>testDSSS</realm-name>
        <form-login-config>
            <form-login-page>/pages/login.xhtml</form-login-page>
            <form-error-page>/pages/error.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
      <role-name>ADMINISTRATOR</role-name>
    </security-role> 
    <security-role>
      <role-name>USER</role-name>
    </security-role> 
</web-app>

login.xhtml

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://xmlns.jcp.org/jsf/html"
      xmlns:f="http://xmlns.jcp.org/jsf/core">
    <h:head>
        <title>TODO supply a title</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
    </h:head>
    <h:body>
        <form action="j_security_check" method="post" class="form-horizontal">
    <div class="form-group">
        <label class="control-label col-sm-2">Username:</label>
        <div class="col-sm-10">
            <input type="text" class="" name="j_username" placeholder="Username" />     
        </div>
    </div>
    <div class="form-group">
        <label class="control-label col-sm-2">Password:</label>
        <div class="col-sm-10">
            <input type="password" class="" name="j_password" placeholder="Password" />     
        </div>
    </div>
    <div class="form-group">
        <div class="col-sm-offset-2 col-sm-10">
            <button type="submit" class="btn btn-primary">Login</button>        
        </div></div>
        </form>
    </h:body>
</html>

我为安全配置添加的 WildFly Standalone_full.xml 代码

<security-domains>
                <security-domain name="testDSSS" cache-type="default">
                    <authentication>
                        <login-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/testDSSS"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </login-module>
                    </authentication>
                    <authorization>
                        <policy-module code="Database" flag="required">
                            <module-option name="dsJndiName" value="java:/testDSSS"/>
                            <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
                            <module-option name="hashAlgorithm" value="MD5"/>
                            <module-option name="hashEncoding" value="hex"/>
                            <module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
                        </policy-module>
                    </authorization>
                </security-domain>

有人知道我做错了什么吗？

【问题讨论】：

如果日志级别不足以满足您的需求，请查找您的服务器日志，然后配置您的记录器。或者你可以调试你的代码来看看发生了什么，但这比寻找日志输出要麻烦得多。当您提出问题时，请尝试提供更多详细信息，例如使用此配置运行时的输出是什么

请添加您的数据库架构的详细信息，该架构通常由三个表组成。

【参考方案1】：

我遇到了同样的问题。在我的情况下，standalone-full.xml 中的 SQL 查询（rolesquery 和 principalsquery）是不正确的，因为我不使用列名用户名和密码，但有所不同。