How do I implement container-managed authentication in WebLogic 12c using a JDBC data source?

Posted: 2016-05-15 01:11:10

Tags: java authentication weblogic weblogic12c declarative-authorization

I have used container-managed authentication with a form-based login-config element in web.xml before, with a JDBC data source of users, on Tomcat, JBoss and GlassFish, but the configuration WebLogic needs is very complicated. I managed to create an authentication provider linked to a data source by following this tutorial http://biemond.blogspot.gr/2008/12/using-database-tables-as-authentication.html, but when my user logs in, HttpServletRequest.isUserInRole returns false for the roles I defined in web.xml, apparently because I have not mapped the groups the users belong to onto any role. I have a very simple database with a table USERS whose columns are "email", which is the username, and "password", which is the password. A table USERS_GROUPS holds the mapping between users and groups; it has two columns, "email" and "groupname". I also created an authentication provider under "Summary of Security Realms > myrealm > Providers > WEB_DEMO_SQLAuthenticator". I have set up all the required queries, and the config.xml of my domain looks like this:



<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
  <name>demoWebApp</name>
  <domain-version>12.1.3.0.0</domain-version>
  <security-configuration>
    <name>demoWebApp</name>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType">
        <sec:name>DefaultAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:default-identity-asserterType">
        <sec:name>DefaultIdentityAsserter</sec:name>
        <sec:active-type>AuthenticatedUser</sec:active-type>
      </sec:authentication-provider>
      <sec:authentication-provider xsi:type="wls:sql-authenticatorType">
        <sec:name>WEB_DEMO_SQLAuthenticator</sec:name>
        <sec:control-flag>SUFFICIENT</sec:control-flag>
        <wls:data-source-name>WEB_DEMO</wls:data-source-name>
        <wls:plaintext-passwords-enabled>true</wls:plaintext-passwords-enabled>
        <wls:descriptions-supported>false</wls:descriptions-supported>
        <wls:sql-get-users-password>SELECT PASSWORD FROM USERS WHERE EMAIL = ?</wls:sql-get-users-password>
        <wls:sql-user-exists>SELECT EMAIL FROM USERS WHERE EMAIL = ?</wls:sql-user-exists>
        <wls:sql-list-member-groups>SELECT EMAIL FROM USERS_GROUPS WHERE EMAIL = ?</wls:sql-list-member-groups>
        <wls:sql-list-users>SELECT EMAIL FROM USERS WHERE EMAIL LIKE ?</wls:sql-list-users>
        <wls:sql-list-groups>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME LIKE ?</wls:sql-list-groups>
        <wls:sql-group-exists>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-group-exists>
        <wls:sql-is-member>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-is-member>
        <wls:password-style>PLAINTEXT</wls:password-style>
        <wls:sql-remove-user>DELETE FROM USERS WHERE EMAIL = ?</wls:sql-remove-user>
        <wls:sql-remove-group-memberships>DELETE FROM USERS_GROUPS WHERE EMAIL = ? OR GROUPNAME = ?</wls:sql-remove-group-memberships>
        <wls:sql-set-user-password>UPDATE USERS SET PASSWORD = ? WHERE EMAIL = ?</wls:sql-set-user-password>
        <wls:sql-create-group>INSERT INTO USERS_GROUPS VALUES ( ? , ? )</wls:sql-create-group>
        <wls:sql-add-member-to-group>INSERT INTO USERS_GROUPS VALUES( ?, ?)</wls:sql-add-member-to-group>
        <wls:sql-remove-member-from-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL = ?</wls:sql-remove-member-from-group>
        <wls:sql-remove-group>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group>
        <wls:sql-remove-group-member>DELETE FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-remove-group-member>
        <wls:sql-list-group-members>SELECT EMAIL FROM USERS_GROUPS WHERE GROUPNAME = ? AND EMAIL LIKE ?</wls:sql-list-group-members>
      </sec:authentication-provider>
      <sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType">
        <sec:name>XACMLRoleMapper</sec:name>
      </sec:role-mapper>
      <sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType">
        <sec:name>XACMLAuthorizer</sec:name>
      </sec:authorizer>
      <sec:adjudicator xsi:type="wls:default-adjudicatorType">
        <sec:name>DefaultAdjudicator</sec:name>
      </sec:adjudicator>
      <sec:credential-mapper xsi:type="wls:default-credential-mapperType">
        <sec:name>DefaultCredentialMapper</sec:name>
      </sec:credential-mapper>
      <sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType">
        <sec:name>WebLogicCertPathProvider</sec:name>
      </sec:cert-path-provider>
      <sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
      <sec:name>myrealm</sec:name>
      <sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
        <sec:name>SystemPasswordValidator</sec:name>
        <pas:min-password-length>8</pas:min-password-length>
        <pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
      </sec:password-validator>
    </realm>
    <default-realm>myrealm</default-realm>
    <credential-encrypted>{AES}HT7HPcfOUpYRXY6xa6XuJkpi9HxOSG83CxvdVS9swJI2kHYubpy204U5NvKB9qfP78k8NID6f3MU6YOE8dmCG3XypBM2hs3TFBDVNY+qA/SpNC6Sh89ly0eM0trBaylW</credential-encrypted>
    <node-manager-username>weblogic</node-manager-username>
    <node-manager-password-encrypted>{AES}O0ZR1sqaUUhJ2dJw6vGSuipZ7/65q3AFcGqf8uenlUs=</node-manager-password-encrypted>
  </security-configuration>
  <server>
    <name>AdminServer</name>
    <ssl>
      <name>AdminServer</name>
      <enabled>true</enabled>
    </ssl>
    <listen-address></listen-address>
    <web-service>
      <name>AdminServer</name>
      <web-service-persistence>
        <name>AdminServer</name>
        <web-service-logical-store>
          <name>WseeStore</name>
          <persistence-strategy>LOCAL_ACCESS_ONLY</persistence-strategy>
          <request-buffering-queue-jndi-name>weblogic.wsee.BufferedRequestQueue</request-buffering-queue-jndi-name>
          <response-buffering-queue-jndi-name>weblogic.wsee.BufferedResponseQueue</response-buffering-queue-jndi-name>
        </web-service-logical-store>
      </web-service-persistence>
    </web-service>
    <coherence-cluster-system-resource>defaultCoherenceCluster</coherence-cluster-system-resource>
  </server>
  <production-mode-enabled>true</production-mode-enabled>
  <embedded-ldap>
    <name>demoWebApp</name>
    <credential-encrypted>{AES}ZJssc/1PU9tdjuviahUTvExJtL9ksS4c+7zKUC1IEJfl13jH/gns/tIil0D2g+rN</credential-encrypted>
  </embedded-ldap>
  <configuration-version>12.1.3.0.0</configuration-version>
  <app-deployment>
    <name>state-management-provider-memory-rar-12.1.3</name>
    <target>AdminServer</target>
    <module-type>rar</module-type>
    <source-path>C:/Oracle/Middleware/Oracle_Home/oracle_common/modules/com.oracle.state-management.state-management-provider-memory-rar-impl_12.1.3.rar</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>nostage</staging-mode>
  </app-deployment>
  <app-deployment>
    <name>_auto_generated_ear_</name>
    <target>AdminServer</target>
    <module-type>ear</module-type>
    <source-path>C:\dev\eclipse_workspaces\WebAppDemo\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\demoWebApp\_auto_generated_ear_</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode xsi:nil="true"></staging-mode>
    <plan-staging-mode xsi:nil="true"></plan-staging-mode>
    <cache-in-app-directory>false</cache-in-app-directory>
  </app-deployment>
  <jms-server>
    <name>WseeJaxwsJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeJaxwsFileStore</persistent-store>
  </jms-server>
  <jms-server>
    <name>WseeJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeFileStore</persistent-store>
  </jms-server>
  <jms-server>
    <name>WseeSoapjmsJmsServer</name>
    <target>AdminServer</target>
    <persistent-store>WseeSoapjmsFileStore</persistent-store>
  </jms-server>
  <self-tuning>
    <work-manager>
      <name>weblogic.wsee.jaxws.mdb.DispatchPolicy</name>
      <target>AdminServer</target>
    </work-manager>
    <work-manager>
      <name>weblogic.wsee.mdb.DispatchPolicy</name>
      <target>AdminServer</target>
    </work-manager>
  </self-tuning>
  <file-store>
    <name>WseeJaxwsFileStore</name>
    <directory>WseeJaxwsFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <file-store>
    <name>WseeFileStore</name>
    <directory>WseeFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <file-store>
    <name>WseeSoapjmsFileStore</name>
    <directory>WseeSoapjmsFileStore</directory>
    <target>AdminServer</target>
  </file-store>
  <jms-system-resource>
    <name>WseeJaxwsJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>WseeJaxwsJmsServerSub</name>
      <target>WseeJaxwsJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseejaxwsjmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <jms-system-resource>
    <name>WseeJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>BEA_JMS_MODULE_SUBDEPLOYMENT_WSEEJMSServer</name>
      <target>WseeJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseejmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <jms-system-resource>
    <name>WseeSoapjmsJmsModule</name>
    <target>AdminServer</target>
    <sub-deployment>
      <name>WseeSoapjmsJmsServerSub</name>
      <target>WseeSoapjmsJmsServer</target>
    </sub-deployment>
    <descriptor-file-name>jms/wseesoapjmsmodule-jms.xml</descriptor-file-name>
  </jms-system-resource>
  <admin-server-name>AdminServer</admin-server-name>
  <jdbc-system-resource>
    <name>WEB_DEMO</name>
    <target>AdminServer</target>
    <descriptor-file-name>jdbc/WEB_DEMO-1358-jdbc.xml</descriptor-file-name>
  </jdbc-system-resource>
  <saf-agent>
    <name>ReliableWseeJaxwsSAFAgent</name>
    <target>AdminServer</target>
    <store>WseeJaxwsFileStore</store>
  </saf-agent>
  <saf-agent>
    <name>ReliableWseeSAFAgent</name>
    <target>AdminServer</target>
    <store>WseeFileStore</store>
  </saf-agent>
  <coherence-cluster-system-resource>
    <name>defaultCoherenceCluster</name>
    <descriptor-file-name>coherence/defaultCoherenceCluster-coherence.xml</descriptor-file-name>
  </coherence-cluster-system-resource>
</domain>

In the WebLogic console I can see the users I created under Summary of Security Realms > myrealm > Users and Groups, together with their associated groups, but I basically have no idea how to associate the groups with roles. Can anyone help me? Thanks! I would like the group-to-role association to be defined either in the database or in weblogic.xml...

1 Answer:

Answer 0 (score: 0)

OK, I found the problem. First, my sql-list-member-groups query was wrong:

SELECT EMAIL FROM USERS_GROUPS WHERE EMAIL = ?

The correct one is: SELECT GROUPNAME FROM USERS_GROUPS WHERE EMAIL = ?

Second, the mapping between groups and roles is done through the weblogic.xml runtime descriptor, using this element:

<wls:security-role-assignment>
	<wls:role-name>ADMINISTRATOR</wls:role-name>
	<wls:principal-name>ADMINISTRATOR</wls:principal-name>
</wls:security-role-assignment>

In my case I gave the group and the role the same name. The principal can actually refer to a group too! I didn't know that; I thought it could only refer to a user name.
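An added check, not from the question or the answer, that audits a domain config.xml for the query mistake the answer identifies (sql-list-member-groups projecting the user column) and also flags the PLAINTEXT password style the posted provider uses. The sample config is a constructed, trimmed copy of the one in the question; treating the column projected by sql-group-exists as "the group column" is a heuristic of this script, not a WebLogic rule.

```python
import re
import xml.etree.ElementTree as ET

# Namespaces used by the WebLogic domain config.xml in the question.
NS = {"sec": "http://xmlns.oracle.com/weblogic/security",
      "wls": "http://xmlns.oracle.com/weblogic/security/wls"}

# Constructed sample: a trimmed copy of the SQLAuthenticator from the question.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
    xmlns:sec="http://xmlns.oracle.com/weblogic/security"
    xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration><realm>
    <sec:authentication-provider xsi:type="wls:sql-authenticatorType">
      <sec:name>WEB_DEMO_SQLAuthenticator</sec:name>
      <wls:sql-list-member-groups>SELECT EMAIL FROM USERS_GROUPS WHERE EMAIL = ?</wls:sql-list-member-groups>
      <wls:sql-group-exists>SELECT GROUPNAME FROM USERS_GROUPS WHERE GROUPNAME = ?</wls:sql-group-exists>
      <wls:password-style>PLAINTEXT</wls:password-style>
    </sec:authentication-provider>
  </realm></security-configuration>
</domain>"""


def selected_column(sql):
    """First column a SELECT projects, upper-cased; None if the text is not a SELECT."""
    m = re.match(r"\s*SELECT\s+([A-Za-z_][A-Za-z0-9_]*)", sql, re.IGNORECASE)
    return m.group(1).upper() if m else None


def audit_sql_authenticators(config_xml):
    """Return (provider name, finding) pairs for each SQLAuthenticator in config.xml.

    Check 1 is the bug from the question: sql-list-member-groups must project the
    group-name column (heuristic: the column sql-group-exists projects), otherwise the
    groups reported for a user are wrong and isUserInRole() stays false.
    Check 2 flags a provider whose stored passwords are not hashed.
    """
    root = ET.fromstring(config_xml)
    findings = []
    for prov in root.iterfind(".//sec:authentication-provider", NS):
        member_sql = prov.findtext("wls:sql-list-member-groups", "", NS)
        if not member_sql:
            continue  # DefaultAuthenticator, identity asserter, etc.
        name = prov.findtext("sec:name", "?", NS)
        member_col = selected_column(member_sql)
        group_col = selected_column(prov.findtext("wls:sql-group-exists", "", NS))
        if member_col != group_col:
            findings.append((name, "sql-list-member-groups projects %s but the group "
                                   "column is %s" % (member_col, group_col)))
        if prov.findtext("wls:password-style", "", NS).upper() == "PLAINTEXT":
            findings.append((name, "password-style PLAINTEXT: stored passwords are not hashed"))
    return findings
```

Run it against a real domain's config.xml by reading the file into `audit_sql_authenticators`; an empty result means both checks passed for every SQL authenticator.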