How to catch FailedLoginException in Picketbox/Undertow on Wildfly 8 to apply CORS
Problem description
With the help of a ContainerResponseFilter I am able to apply CORS headers to all outgoing Responses, and with an ExceptionMapper I can do the same on all Errors and Exceptions, except for any authentication related Exceptions that Picketbox/Undertow is supposed to throw in Wildfly.
My ExceptionMapper never catches it no matter what I try, and as a result, the frontend can't read the 401 status since the response doesn't have the CORS headers appended (the XHR HTTP status code just becomes 0).
I am using this PBKDF2 setup to authenticate against a MySQL database, and at first I thought that maybe since the authentication was run in a separate module it wasn't being caught by my application, but even after moving all the authentication code into my own application I have the same problem.
This is the log entry I get when trying to authenticate with the wrong password (I get a very similar one when I simply don't send any credentials at all):
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000224: End getAppConfigurationEntry(PBKDF2DatabaseDomain), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: com.example.myapplication.security.SaltedDatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=dsJndiName, value=java:/user
name=principalsQuery, value=SELECT Hash FROM account WHERE ID=?
name=rolesQuery, value=SELECT Role, 'Roles' FROM account WHERE account.ID=?
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000236: Begin initialize method
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000262: Module options [dsJndiName: java:/user, principalsQuery: SELECT Hash FROM account WHERE ID=?, rolesQuery: SELECT Role, 'Roles' FROM account WHERE account.ID=?, suspendResume: true]
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000240: Begin login method
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000263: Executing query SELECT Hash FROM account WHERE ID=? with username 1@2.se
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000283: Bad password for username 1@2.com
2014-11-29 16:11:08,062 TRACE [org.jboss.security] (default task-4) PBOX000244: Begin abort method
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_25]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_25]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_25]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_25]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_25]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:111)
at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:82)
at io.undertow.security.impl.BasicAuthenticationMechanism.authenticate(BasicAuthenticationMechanism.java:110) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:281) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:298) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:268) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:131) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:106) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:99) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:54) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:27) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:61) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:25) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:240) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:227) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:73) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:146) [undertow-servlet-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:177) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:727) [undertow-core-1.0.15.Final.jar:1.0.15.Final]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_25]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_25]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_25]
And this is my ExceptionMapper class (currently set to catch all Throwables in a vain attempt to make it work):
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

@Provider
public class NotAuthorizedExceptionMapper implements ExceptionMapper<Throwable> {
    @Override
    public Response toResponse(Throwable exception) {
        // Map every Throwable to a 401 and attach the CORS headers so the browser can read the status
        Response response = Response.status(Response.Status.UNAUTHORIZED).build();
        response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
        response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
        response.getHeaders().putSingle("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, allow, content-length, date, last-modified");
        return response;
    }
}
What can I do to catch these authentication Exceptions and thus append CORS to them?
Recommended answer
In the end I managed to figure out that you can add custom headers to all non-error outgoing responses on Wildfly by modifying the configuration file (standalone.xml). This solved the problem for me:
<subsystem xmlns="urn:jboss:domain:undertow:1.1">
    <buffer-cache name="default"/>
    <server name="default-server">
        <https-listener name="default" socket-binding="https" security-realm="ApplicationRealm"/>
        <host name="default-host" alias="localhost">
            <location name="/" handler="welcome-content"/>
            <filter-ref name="cors-origin"/>
            <filter-ref name="cors-methods"/>
            <filter-ref name="cors-headers"/>
        </host>
    </server>
    <servlet-container name="default">
        <jsp-config/>
    </servlet-container>
    <handlers>
        <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
    </handlers>
    <filters>
        <response-header name="cors-origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
        <response-header name="cors-methods" header-name="Access-Control-Allow-Methods" header-value="OPTIONS, GET, POST, PUT, DELETE"/>
        <response-header name="cors-headers" header-name="Access-Control-Allow-Headers" header-value="origin, content-type, accept, authorization, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, allow, content-length, date, last-modified, if-modified-since"/>
    </filters>
</subsystem>
EDIT: Turns out Wildfly isn't appending the CORS headers to unauthorized responses, but when it runs into 500-errors it very neatly ignores them. Any idea on how to fix this would be highly appreciated.
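As an added example (not code from the post or from Wildfly), here is the browser-side CORS check the frontend performs, simulated in Python over constructed header sets: it shows why XMLHttpRequest reports status 0 for the bare 401 Undertow sends and 401 once the headers from the answer are present. It goes beyond the post in also checking the OPTIONS preflight that an Authorization header triggers and the credentialed-request case, where a wildcard Access-Control-Allow-Origin is rejected.

```python
"""Simulate the browser's CORS checks (Fetch standard) to reproduce the
symptom in the post offline: a 401 that lacks Access-Control-Allow-Origin
is opaque to the page, so XMLHttpRequest reports status 0, not 401.
Added example, not from the original post; the header sets are constructed."""

# CORS-safelisted request-header names (the content-type value check is omitted)
SIMPLE_HEADERS = {"accept", "accept-language", "content-language", "content-type"}

def _lower(headers):
    return {k.lower(): v for k, v in headers.items()}

def _origin_problem(origin, with_credentials, hdrs):
    """Return why Access-Control-Allow-Origin/-Credentials reject the
    response, or None if they permit it (hdrs keys are lower-case)."""
    acao = hdrs.get("access-control-allow-origin")
    if acao is None:
        return "no Access-Control-Allow-Origin header"
    if with_credentials and acao == "*":
        return "wildcard origin is rejected for credentialed requests"
    if with_credentials and hdrs.get("access-control-allow-credentials", "").lower() != "true":
        return "Access-Control-Allow-Credentials: true missing"
    if acao not in ("*", origin):
        return "origin %s does not match %s" % (origin, acao)
    return None

def cors_check(origin, with_credentials, status, response_headers):
    """(status seen by XHR, reason): the real status when the CORS check
    passes, else 0 because the browser hides the opaque response."""
    problem = _origin_problem(origin, with_credentials, _lower(response_headers))
    return (0, problem) if problem else (status, "ok")

def preflight_check(origin, method, request_headers, status, response_headers):
    """(ok, reason) for the OPTIONS preflight that a request carrying an
    Authorization header triggers. Preflights are sent without credentials,
    so a 401 from Basic auth on OPTIONS fails before the real request is sent."""
    hdrs = _lower(response_headers)
    if not 200 <= status < 300:
        return False, "preflight status %d is not 2xx" % status
    problem = _origin_problem(origin, False, hdrs)
    if problem:
        return False, problem
    listed = lambda name: {x.strip().lower() for x in hdrs.get(name, "").split(",")}
    if method.lower() not in listed("access-control-allow-methods"):
        return False, "method %s not allowed" % method
    allowed = listed("access-control-allow-headers") | SIMPLE_HEADERS
    missing = [h for h in request_headers if h.lower() not in allowed]
    return (False, "request headers not allowed: %s" % missing) if missing else (True, "ok")

# Constructed header sets modelling the two cases described in the post.
PAGE_CORS_HEADERS = {
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "OPTIONS, GET, POST, PUT, DELETE",
    "Access-Control-Allow-Headers": "origin, content-type, accept, authorization",
}
BARE_401 = {"WWW-Authenticate": 'Basic realm="ApplicationRealm"'}
CORS_401 = dict(BARE_401, **PAGE_CORS_HEADERS)
```

Run `cors_check("http://localhost:8000", False, 401, BARE_401)` to see the status-0 case, and the same call with `CORS_401` to see the 401 become readable once the response-header filters apply.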