Wildfly和JAAS登录模块 [英] Wildfly and JAAS login module

问题描述

我正在玩 Wildfly-9.0.1.Final 和 JAAS 但我没有非常有趣..我实现了我的自定义登录模块：

I'm playing with Wildfly-9.0.1.Final and JAAS but I'm not having so much fun.. I implemented my custom login module:

public class MongoLoginModule implements LoginModule {

@Inject
protected MongoDB mongoDb;
protected Subject subject;
protected Principal identity;
protected boolean loginOk;

private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;

private Logger log = LoggerFactory.getLogger(MongoLoginModule.class);

public boolean abort() throws LoginException {
    log.info("abort!");
    subject = null;
    return true;
}

public boolean commit() throws LoginException {
    // TODO Auto-generated method stub
    log.info("commit!");
    if(loginOk) {
        UserGroup userGroup = new UserGroup("Roles");
        userGroup.addMember(new RolePrincipal("userA"));
        subject.getPrincipals().add(userGroup);
        subject.getPublicCredentials().add(userGroup);
        return true;
    }
    return false;
}

public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map<String, ?> sharedState, Map<String, ?> options) {
    log.info("Initializing MongoLoginModule.");
    this.subject = subject;
    this.callbackHandler = callbackHandler;
    this.sharedState = sharedState;
    this.options = options; 
}

public boolean login() throws LoginException {
    log.info("login requested.");
    NameCallback nameCallback = new NameCallback("username:");
    PasswordCallback passwordCallback = new PasswordCallback("password:", false);
    try {
        callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
        String username = nameCallback.getName();
        String password = new String(passwordCallback.getPassword());
        log.info("check credentials for: "+username);
        if(username.equals("jim") && password.equals("jim")) {
            loginOk = true;
            identity = new UserPrincipal(username);
            subject.getPrincipals().add(identity);
            subject.getPublicCredentials().add(identity);
            return true;
        }
    } catch (IOException e) {
        e.printStackTrace();
    } catch (UnsupportedCallbackException e) {
        e.printStackTrace();
    }

    return false;
}

public boolean logout() throws LoginException {
    if(subject != null && identity != null) {
        subject.getPrincipals().remove(identity);
        return true;
    }
    return false;
}

public Document getUserByName(String userName) {
    FindIterable<Document> results = mongoDb.getCollection().find(new Document("username", userName));
    return results.iterator().next();
}

public void getRoles() {
//      FindIterable<Document> results = mongoDb.getCollection().find(new Document("username", userName));
//      results.iterator().next().get
}

它并不完美，但它现在已经成功了。这个纯JAAS登录模块是我的Wildfly中的一个模块。我以这种方式配置安全域：

It's not perfect but it's enought for now. This pure JAAS login module is a module in my Wildfly. I configure the security domain this way:

<security-domain name="MongoLoginRealm" cache-type="default">
    <authentication>
        <login-module code="it.bytebear.jaas.mongo.module.MongoLoginModule" flag="required" module="login.mongodb">
            <module-option name="mongodb.uri" value="mongodb://localhost:21017/test?collection"/>
        </login-module>
    </authentication>
</security-domain>

我实施了一些RESTful网络服务来做一些测试。我只发布相关代码：

I implemented some RESTful web service to do some test. I'm only posting the relevant code:

...

@POST
@Path("/login")
@PermitAll
@Consumes(MediaType.APPLICATION_JSON)
// @Consumes("application/x-authc-username-password+json")
public Response login(User userCredentials) {
    log.info("logging in.");
    try {
        MongoModuleCallbackHandler handler = new MongoModuleCallbackHandler();
        handler.setUsername(userCredentials.getUserName());
        handler.setPassword(userCredentials.getPassword().toCharArray());
        LoginContext loginContext = new LoginContext("MongoLoginRealm", handler);
        loginContext.login();
        Subject subject = loginContext.getSubject();
        List<String> roles = new ArrayList<String>();
        for (Principal p : subject.getPrincipals()) {
            roles.add(p.getName());
        }
        userCredentials.setRoles((String[]) roles.toArray());
        return Response.ok().entity(userCredentials)
                .type(MediaType.APPLICATION_JSON_TYPE).build();
    } catch (Exception e) {
        log.error("login fails.", e);
        return Response.status(Status.FORBIDDEN).entity("Not logged")
                .type(MediaType.APPLICATION_JSON_TYPE).build();
    }
}
...

web.xml auth-method 是 BASIC 和 realm-name 是 MongoLoginRealm ，与 jboss-web.xml 中使用的相同，实例化 LoginContext 时。当我调用 login 方法时，我遇到了这个异常：

In web.xml auth-method is BASIC and realm-name is MongoLoginRealm, the same used in jboss-web.xml and when instantiating LoginContext. When I invoke the login method I got this exception:

22:39:49,421 ERROR [it.bytebear.web.mongo.UserServices] (default task-1) login fails.: javax.security.auth.login.LoginException: impossibile trovare la classe Login
Module: it.bytebear.jaas.mongo.module.MongoLoginModule from [Module "deployment.MongoWebTest.war:main" from Service Module Loader]
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:822)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at it.bytebear.web.mongo.UserServices.login(UserServices.java:66)

我的登录模块从未被执行过。我缺少什么？

My login module is never been executed. What am I missing?

更新：
将登录模块.jar移动到它运行的Web应用程序中。也许我的Wildfly出了点问题。这是我的模块结构：

UPDATE: Moving the login module .jar into the web application it works. Maybe there is something wrong in my Wildfly. Here is my module structure:

%wildfly_home%/modules/system/layers/base/login/mongodb/main/module.xml             
%wildfly_home%/modules/system/layers/base/login/mongodb/main/mongo-java-driver-3.0.3.jar
%wildfly_home%/modules/system/layers/base/login/mongodb/main/MongoLoginModule.jar

这是模块。 xml ：

<module xmlns="urn:jboss:module:1.1" name="login.mongodb">
    <resources>
        <resource-root path="MongoLoginModule.jar"/>
        <resource-root path="mongo-java-driver-3.0.3.jar"/>
    </resources>
    <dependencies>
        <module name="org.apache.log4j"/>
        <module name="javax.api"/>
        <module name="org.slf4j"/>
    </dependencies>
</module>

我必须弄清楚为什么登录模块无法作为Wildfly模块访问。

I have to figure out why the login module isn't reachable as Wildfly module.

推荐答案

我的应用程序找不到该模块，因为我忘了添加 Dependency 给它 MANIFEST 或声明 login.mongodb 作为Wildfly中的全局模块。感谢@kwart的建议和答案，你指出了正确的方向。

My application can't find the module because I forgot to add Dependency to it's MANIFEST or to declare login.mongodb as a global module in Wildfly. Thanks @kwart for your suggestion and your answer, you point me to the right direction.

这篇关于Wildfly和JAAS登录模块的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！