JBoss Wildfly-数据库登录模块 [英] JBoss Wildfly - database login module

问题描述

JBoss Wildfly 8.0.0-Final
JSF 2.2.4

JBoss Wildfly 8.0.0-Final
JSF 2.2.4

首先，我使用application-users.properties和application-roles.properties创建了登录名. 使用add-user.bat

First I created login using the application-users.properties and application-roles.properties. Added user with add-user.bat

Web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin Resource</web-resource-name>
        <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
    </form-login-config>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>

Standalone.xml

Standalone.xml

<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>

login.xhtml

login.xhtml

    <?xml version="1.0" encoding="UTF-8"?>
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
    xmlns:f="http://xmlns.jcp.org/jsf/core"
    xmlns:h="http://xmlns.jcp.org/jsf/html"
    xmlns:p="http://primefaces.org/ui">
    <div class="center">
        <form method="POST" action="j_security_check" id="">
            <h:panelGrid id="panel" columns="2" border="1" cellpadding="4" cellspacing="4">
                <h:outputLabel for="j_username" value="Username:" />
                <input type="text" name="j_username" />
                <h:outputLabel for="j_password" value="Password:" />
                <input type="password" name="j_password" />
                <h:panelGroup>
                    <input type="submit" value="Login" />
                </h:panelGroup>
            </h:panelGrid>
        </form>
    </div>
</ui:composition>

所以工作正常..现在我要使用数据库身份验证..所以我更改了standalone.xml.

So that worked fine.. now I want to use database authentication.. so I change the standalone.xml.

<login-module code="Database" flag="sufficient">
    <module-option name="dsJndiName" value="java:jboss/jsi/GarageXADataSource"/>
    <module-option name="principalsQuery" value="select encode(password, 'hex') from principal where username=?"/>
    <module-option name="rolesQuery" value="select r.role, r.role_group from role r inner join principal p on r.role = p.role where p.username=?"/>
    <module-option name="hashAlgorithm" value="SHA-512"/>
    <module-option name="hashEncoding" value="hex"/>
</login-module>

我使用此sql在数据库中插入一个角色和一个用户(PostgreSQL 9.3)

I use this sql to insert a role and a user in the database ( PostgreSQL 9.3 )

插入角色(role，role_group)VALUES('admin'，'Roles');
插入 INTO主体(用户名，电子邮件，密码，角色)VALUES("Kris"， 'xx @ gmail.com'，digest('pass'，'sha512')，'admin');

INSERT INTO role(role, role_group) VALUES ('admin', 'Roles');
INSERT INTO principal(username, email, password, role) VALUES ('Kris', 'xx@gmail.com', digest('pass', 'sha512'), 'admin');

但是登录不起作用. 我在日志中看不到任何错误. 在AS 7.1.1上，我曾经使用过这种方法.

But the login does not work. I see no errors in the log. I have used this approach before on AS 7.1.1 where it worked.

感谢您的帮助.

推荐答案

首先，DatabaseServerLoginModule日志处于跟踪级别，因此您应按如下所示将org.jboss.security日志级别设置为在您的standalone.xml中进行跟踪.现在，您应该在server.log中看到错误了.

Firstly DatabaseServerLoginModule logs to trace level, so you should set org.jboss.security log levels to trace in your standalone.xml as follows. Now you should see the errors in your server.log

<logger category="org.jboss.security">
    <level name="TRACE"/>
</logger>

您还需要在jboss-web.xml中添加一个领域名称

You also need to add a realm-name within your jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/MyRealm</security-domain>
</jboss-web>

您尚未在登录模块配置代码段周围提供周围的标签.您应该在下面有这个东西.领域名称需要与您的web.xml中的名称匹配

You have not supplied the surrounding tags around your login-module configuration snippet. You should have something this below. The realm name needs to match that in your web.xml

<subsystem xmlns="urn:jboss:domain:security:1.0">
  <security-domains>  
    <security-domain name="MyRealm">  
       <authentication>  
         <login-module code="Database" flag="required">  
         ....
      </authentication>  
    </security-domain>  
  </security-domains>  
</subsystem> 

完成此操作后，您可以从server.log中发布任何错误.

Once you have done this could you post any errors from your server.log.

这篇关于JBoss Wildfly-数据库登录模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！