JAAS CustomLoginModule not called for second location a user logs in
Problem description
We implemented a CustomLoginModule extends UsernamePasswordLoginModule for JAAS in JBoss EAP 6.2.
The login module contains functionality that needs to be handled every login and it appears that for some logins, the CustomLoginModule is not called.
We notice that when a user logs in at two separate locations, the second login never enters the CustomLoginModule methods: initialize, login, logout, getRoleSets, getUsersPassword, createPasswordHash, validatePassword.
It seems like the logged in user's password and roles are cached and reused.
If the second user logs in with a wrong password, the validatePassword method is called.
So my question is: how can I force every login to go through the CustomLoginModule?
Recommended answer
I was confused by possible solutions implementing a custom JaasSecurityManagerService mbean, or at least define its DefaultCacheTimeout: link and link
The answer proved much simpler, and I got it from here (scroll to the answer by Darren Jones for Wildfly, complemented by Artur Mioduszewski for EAP6.1).
I use EAP 6.2, so used the following configuration in my standalone.xml:
<subsystem xmlns="urn:jboss:domain:infinispan:1.4">
    <cache-container name="security" default-cache="auth-cache">
        <local-cache name="auth-cache" batching="true">
            <expiration lifespan="*INSERT_CACHE_TIMEOUT_IN_MILLIS"/>
        </local-cache>
    </cache-container>
...
<security-domain name="myJaasDomain" cache-type="infinispan">
Setting the timeout to 0 shows undefined behaviour, so I used 1 ms.
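The behaviour described in the question, and the effect of the short `lifespan` from the answer, shown as a simplified model added here (it is not JBoss source or the posters' code). The class name, method names, user name and sample credential are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

// Simplified model of a security-domain authentication cache; NOT JBoss source code.
// All names here are hypothetical.
public class AuthCacheModel {
    private static final class Entry {
        final char[] password;
        final long expiresAt;
        Entry(char[] password, long expiresAt) { this.password = password; this.expiresAt = expiresAt; }
    }

    private final Map<String, Entry> cache = new HashMap<>();
    private final long lifespanMillis;
    int moduleCalls = 0; // how often the stand-in login module actually ran

    AuthCacheModel(long lifespanMillis) { this.lifespanMillis = lifespanMillis; }

    // Stand-in for CustomLoginModule.login(): per-login logic (audit, lockout) would live here.
    private boolean loginModule(String user, char[] password) {
        moduleCalls++;
        return Arrays.equals(password, "s3cret".toCharArray()); // constructed credential
    }

    boolean authenticate(String user, char[] password, long now) {
        Entry e = cache.get(user);
        if (e != null && now < e.expiresAt && Arrays.equals(e.password, password)) {
            return true; // cache hit: the login module is skipped entirely
        }
        // No entry, expired entry, or credential mismatch: run the full login.
        boolean ok = loginModule(user, password);
        if (ok) cache.put(user, new Entry(password.clone(), now + lifespanMillis));
        return ok;
    }

    public static void main(String[] args) {
        char[] good = "s3cret".toCharArray(), bad = "wrong".toCharArray();
        AuthCacheModel longLived = new AuthCacheModel(30 * 60 * 1000L);
        longLived.authenticate("alice", good, 0);    // location 1: module runs
        longLived.authenticate("alice", good, 1000); // location 2: served from cache
        longLived.authenticate("alice", bad, 2000);  // wrong password: module runs
        System.out.println("30 min lifespan, module calls: " + longLived.moduleCalls);

        AuthCacheModel oneMs = new AuthCacheModel(1);
        oneMs.authenticate("alice", good, 0);
        oneMs.authenticate("alice", good, 1000);     // entry expired: module runs again
        System.out.println("1 ms lifespan, module calls: " + oneMs.moduleCalls);
    }
}
```

Any per-login control placed in the login module (audit records, lockout counters, revocation checks) is only enforced on the calls that reach `loginModule` in this model, which is why the cache lifespan matters for those controls.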