JAAS + 来自数据库的身份验证

Posted

技术标签:

【中文标题】JAAS + 来自数据库的身份验证【英文标题】:JAAS + authentication from database 【发布时间】:2012-04-24 07:27:54 【问题描述】:

我正在尝试使用 JAAS 从数据库执行身份验证 我已经像这样配置了 login-config.xml

<application-policy name="e-procurment_domaine">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name = "dsJndiName">BasepfeDS</module-option> 
<module-option name="securityDomain">java:/jaas/e-procurment_domaine</module-option>
<module-option name="principalsQuery">SELECT pass FROM personne WHERE login=?</module-option>
<module-option name="rolesQuery">SELECT disc  FROM personne  WHERE login=?</module-option>
</login-module>
</authentication>
</application-policy>

我已经写了一个测试:这个

@Test
    public void testFindALL() 
        System.out.println("Debut  test de la méthode findALL");

//       WebAuthentication wa=new WebAuthentication();
//       wa.login("zahrat", "zahrat");
        securityClient.setSimple("zahrat", "zahrat");

        try 
            securityClient.login();
         catch (LoginException e) 
            // TODO Auto-generated catch block
            e.printStackTrace();
        
        Acheteur acheteur = new Acheteur();
        System.out.println("" + acheteurRemote.findAll().size());

        //  catch (EJBAccessException ex) 
        // System.out.println("Erreur attendue de type EJBAccessException: "
        // + ex.getMessage());

        //  catch (Exception ex) 

        // ex.printStackTrace();
        // fail("Exception pendant le test find ALL");
        System.out.println("Fin  test find ALL");

    //  

测试失败,我不知道为什么,但是当我使用 .property 文件的方法更改 polycy 时,它可以工作..

我在会话 BEAN 类上使用注解

@SecurityDomain("e-procurment_domaine")
@DeclareRoles("acheteur","vendeur","physique")
@RolesAllowed("acheteur","vendeur","physique")

以及方法的会话注释

@RolesAllowed("physique")
    @Override
    public List<Acheteur> findAll() 
        log.debug("fetching all Acheteur");
        return daoGenerique.findWithNamedQuery("Acheteur.findAll");
    

我认为测试可以访问我的数据库 JBOSS 上需要 mysql DRIVER 或特殊配置吗?


堆栈跟踪是:

 javax.ejb.EJBAccessException: Invalid User
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:392)
    at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:898)
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:791)
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744)
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)
    at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:216)
    at org.jboss.remoting.Client.invoke(Client.java:1961)
    at org.jboss.remoting.Client.invoke(Client.java:804)
    at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
    at $Proxy12.invoke(Unknown Source)
    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
    at $Proxy11.findAll(Unknown Source)
    at com.soutem.test.UtilsateurSessionBean.testFindALL(UtilsateurSessionBean.java:180)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
    at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
    at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
    at $Proxy12.invoke(Unknown Source)
    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
    at $Proxy11.findAll(Unknown Source)
    at com.soutem.test.UtilsateurSessionBean.testFindALL(UtilsateurSessionBean.java:180)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
    at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
    at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)

【问题讨论】:

【参考方案1】:

当然,MySQL 驱动程序必须部署到 JBoss。 并且您必须在 JBoss 配置控制台中定义名为“BasepfeDS”的 JDBC 连接。

Full Stack Trace 对调试更有帮助...

【讨论】:

BasepfeDS 拼写正确,因为我的 web 和 android 客户端工作正常,我的驱动程序 mysql 在服务器上,所有测试都正确; 请检查结果:SELECT disc, pass FROM personne WHERE login='zahrat'【参考方案2】:

这个政策有效

    <application-policy name="testDB"> <authentication><login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"flag="required">
<module-option name="dsJndiName">java:/BasepfeDS</module-option><module-option name="principalsQuery"> select pass from personne  where login=?</module-option><module-option name="rolesQuery"> select disc, 'Roles' from personne where login=?</module-option></login-module></authentication>

JBOSS 文档非常有用且清晰 http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html#sect-DatabaseServerLoginModule

【讨论】:

以上是关于JAAS + 来自数据库的身份验证的主要内容,如果未能解决你的问题,请参考以下文章

Windows 域的 JAAS 身份验证

如何集成基于 angularjs 和 java jaas 的身份验证?

camunda-webapp 和 JAAS 身份验证

使用 WildFly 在 JMS 中进行 JAAS 身份验证:javax.jms.JMSSecurityException:HQ119032:用户:null 没有权限 = 在地址 2 上发送

绕过对用户名/密码的 JConsole 要求 - 当使用带有 JMX 的 Jaas 自定义登录模块来处理授权和身份验证时

为啥我的程序无法创建新的 JAAS 登录上下文?