如何在Jboss7.1中配置简单身份验证 [英] How to configure simple authentication in Jboss7.1

问题描述

我正在处理由纯jsps（scriptlets）编写的项目而不使用任何框架。

I am working on project written by pure jsps(scriptlets) without using any frameworks.

jboss版本：jboss-as-7.1 .0.Final

jboss version: jboss-as-7.1.0.Final

我现在正在尝试添加简单的身份验证。因此，当用户尝试浏览jsps时，比如 http：//localhost/myContextPath/hello.jsp ，它需要先登录。

I am now trying to add simple authentication on it. So when user try to browser the jsps, say, http://localhost/myContextPath/hello.jsp, it requires a login first.

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>

jboss-web.xml

<jboss-web>
<security-domain>other</security-domain>
</jboss-web>

standalone.xml（[jboss_home] \ standalone \configuration folder）

<subsystem xmlns="urn:jboss:domain:security:1.1">
        <security-domains>
            <security-domain name="other" cache-type="default">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
            <security-domain name="form-auth">
                <authentication>
                    <login-module code="UsersRoles" flag="required">
                        <module-option name="usersProperties" value="users.properties"/>
                        <module-option name="rolesProperties" value="roles.properties"/>
                    </login-module>
                </authentication>
            </security-domain>
        </security-domains>
    </subsystem>

users.properties（置于webapp classes文件夹下）

user1=jboss7

roles.properties（置于webapp类文件夹下）

user1=Admin

经过所有这些修改后，我尝试浏览我的hello jsp。我像往常一样工作。没有身份验证也没有例外。

After all these modifications, I try to browser my hello jsp. I works as usual. No authentication and also no exception.

我不确定我是朝着正确的方向发展，还是安全约束是完全不同的事情。
请帮忙，谢谢！

I am not sure am I going to a right direction, or security constraint is a completely different things. Please help, thanks!!!

推荐答案

只需按照此步骤设置基本身份验证7.1的步骤文章。

Just set up the BASIC authentication for 7.1 following steps from this article.

试试这个。

<security-constraint>
    <web-resource-collection>
        <web-resource-name>All Access</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>DELETE</http-method>
        <http-method>PUT</http-method>
        <http-method>HEAD</http-method>
        <http-method>OPTIONS</http-method>
        <http-method>TRACE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
</login-config>

<security-role>
    <role-name>user</role-name>
</security-role>

jboss-web.xml

jboss-web.xml

<jboss-web>
    <security-domain>java:/jaas/other</security-domain>
</jboss-web>

standalone.xml

不要如果您使用 ApplicationRealm ，则需要执行任何操作。

standalone.xml

Don't need to do anything if you are using ApplicationRealm.

您可以使用jboss提供的工具将用户添加到 ApplicationRealm 。

You can add users to ApplicationRealm using tools provided by jboss.

来自％JBOSS_HOME％/ bin 。使用 add-user.bat（或）add-user.sh 工具。

C:\dev\jboss-eap-6.2\bin>add-user

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.
Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : johngalt
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: user
About to add user 'johngalt' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-users.properties'
Added user 'johngalt' to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-users.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\standalone\configuration\application-roles.properties'
Added user 'johngalt' with groups user to file 'C:\dev\jboss-eap-6.2\domain\configuration\application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? no
Press any key to continue . . .

C:\dev\jboss-eap-6.2\bin>

这对我有用

这篇关于如何在Jboss7.1中配置简单身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！