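I have a J2EE application based on Struts 1.3 that runs on JBoss 4.4.2. I am trying to migrate it to WildFly 10. After some modifications I can deploy the application in WF, but the custom login module does not work properly. Here are the snippets:

Login module: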

    import java.security.acl.Group;

    import javax.security.auth.login.LoginException;

    import org.jboss.security.SimpleGroup;
    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

    import in.hinote.security.HRWorksPrincipal;

    public class HRWorksLoginModule extends UsernamePasswordLoginModule {

        @Override
        public boolean login() throws LoginException {
            System.out.println("Inside login()");
            super.loginOk = false;
            String[] info = getUsernameAndPassword();
            System.out.println("info:");
            String name = info[0];
            System.out.println("name:" + name);
            String password = info[1];
            System.out.println("Inside login()");
            if (name == null || password == null) {
                throw new LoginException("Either Username or password is not available");
            }
            this.identity = new HRWorksPrincipal(name);
            if (!validatePassword(password)) {
                //validatePassword() -> implements application logic to validate the password
                throw new LoginException("Please enter the valid Password.");
            }
            sharedState.put("javax.security.auth.login.name", name);
            sharedState.put("javax.security.auth.login.password", credential);
            super.loginOk = true;
            return true;
        }

        @Override
        public boolean commit() throws LoginException {
            return true;
        }

        @Override
        protected String getUsersPassword() throws LoginException {
            return null;
        }

        @Override
        protected boolean validatePassword(String inputPassword, String expectedPassword) {
            return true;
        }

        @Override
        protected Group[] getRoleSets() throws LoginException {
            System.out.println("Inside getRoleSets()");
            Group group = new SimpleGroup("Roles");
            Group callerPrincipal = new SimpleGroup("CallerPrincipal");
            callerPrincipal.addMember(identity);
            //Add more application roles to callerPrincipal
            return new Group[] {group, callerPrincipal};
        }
    }

standalone-full.xml:

    <security-domain name="hrworks" cache-type="default">
        <authentication>
            <login-module code="in.hinote.security.auth.HRWorksLoginModule" flag="required" module="in.hrworks.loginmodule">
                <module-option name="principalClass" value="in.hinote.security.HRWorksPrincipal"/>
                <module-option name="dsJndiName" value="java:jboss/datasources/Appscale"/>
            </login-module>
        </authentication>
        <authorization>
            <policy-module code="PermitAll" flag="required"/>
        </authorization>
    </security-domain>

web.xml:

    <security-constraint>
        <display-name>Login</display-name>
        <web-resource-collection>
            <web-resource-name>Everything</web-resource-name>
            <url-pattern>*.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <security-role>
        <role-name>*</role-name>
    </security-role>
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>hrworks</realm-name>
        <form-login-config>
            <form-login-page>/UserLogin.jsp</form-login-page>
            <form-error-page>/UserLogin.jsp</form-error-page>
        </form-login-config>
    </login-config>

jboss-web.xml:

    <security-domain>hrworks</security-domain>

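While debugging, I can see that login() returns without any error. But the request is not redirected to the actual application URL. Instead, it shows me the login page again. One thing I noticed is that it does not call the getRoleSets() method. I cannot see any errors in the log. It just shows me the login page again!

Am I making a mistake here? Any help is greatly appreciated.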