I configured WildFly Elytron security for a Thorntail application through project-defaults.yml. However, the application cannot invoke or connect to the remote secured EJB.
Here is the Elytron YAML configuration; I do not know whether it is the correct configuration.
```yaml
thorntail:
  elytron:
    sasl-authentication-factories:
      application-sasl-authentication:
        mechanism-configurations:
          - mechanism-name: 'GSSAPI'
          - mechanism-name: 'PLAIN'
          - mechanism-name: 'JBOSS-LOCAL-USER'
          - mechanism-name: 'DIGEST-MD5'
          - mechanism-realm-configurations:
              - realm-name: ApplicationRealm
        security-domain: ApplicationDomain
        sasl-server-factory: configured
    authentication-configurations:
      default:
        security-domain: ApplicationDomain
        sasl-mechanism-selector: 'PLAIN'
    security-domains:
      ApplicationDomain:
        realms:
          - realm: ApplicationRealm
        default-realm: ApplicationRealm
  remoting:
    http-connectors:
      http-remoting-connector:
        sasl-security:
          policy-sasl-policy:
            no-plain-text: false
          include-mechanisms:
            - 'PLAIN'
        sasl-authentication-factory: application-sasl-authentication
        security-realm: ApplicationRealm
        connector-ref: default
  management:
    https:
      port: 9993
    http:
      port: 9990
    security-realms:
      ApplicationRealm:
        jaas-authentication:
          name: AppSecDom
        ssl-server-identity:
          alias: 'alias'
          keystore-provider: PKCS12
          keystore-path: ${javax.net.ssl.keyStore}
          keystore-password: ${javax.net.ssl.keyStorePassword}
```
From the client, this is how I try to connect to the EJB.
```java
import org.jboss.logging.Logger;
import org.wildfly.common.context.ContextManager;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;
import org.wildfly.security.sasl.SaslMechanismSelector;

// Logger assumed: the original post uses LOG without showing its declaration.
private static final Logger LOG = Logger.getLogger("ejb-client");

public static final AuthenticationContext authenticationContext() throws Exception {
    LOG.info("***********Start AUTHENTICATION*****************.");
    try {
        // "#ALL" is selector-string syntax, not a mechanism name: NONE.addMechanism("#ALL")
        // would select a mechanism literally called "#ALL" and so match nothing the server
        // offers. fromString parses the keyword and selects every available mechanism.
        AuthenticationConfiguration config = AuthenticationConfiguration.empty()
                .setSaslMechanismSelector(SaslMechanismSelector.fromString("#ALL"))
                .useName("username")
                .usePassword("password");
        // Apply the configuration to every outbound connection and make it the thread default.
        final AuthenticationContext authCtx = AuthenticationContext.empty()
                .with(MatchRule.ALL, config);
        ContextManager<AuthenticationContext> contextManager = authCtx.getInstanceContextManager();
        contextManager.setThreadDefault(authCtx);
        return contextManager.get();
    } catch (Exception e) {
        LOG.error("Error authentication : " + e);
        throw new Exception(e);
    }
}
```
Console error:
```text
Suppressed: org.jboss.ejb.client.RequestSendFailedException: Destination @ remote+http://127.0.0.1:8080
    at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:104)
    at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:76)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (GSSAPI, JBOSS-LOCAL-USER, GS2-KRB5-PLUS, GS2-KRB5, ANONYMOUS) are supported
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:444)
    at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
    at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
    at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
    at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
    at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
    at ...asynchronous invocation...(Unknown Source)
```
Please help me resolve this, because I do not know what I need to do next.
The YAML configuration below worked.
```yaml
thorntail:
  elytron:
    simple-role-decoders:
      from-roles-attribute:
        attribute: roles
    jdbc-realms:
      app-jdbc-realm:
        principal-query:
          - sql: SELECT PASSWORD FROM USERS WHERE USERNAME = ?
            data-source: TestDS
            clear-password-mapper:
              password-index: 1
          - sql: SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?
            data-source: TestDS
            attribute-mapping:
              - index: 1
                to: roles
    sasl-authentication-factories:
      application-sasl-authentication:
        mechanism-configurations:
          - mechanism-name: 'PLAIN'
          - mechanism-realm-configurations:
              - realm-name: app-jdbc-realm
        security-domain: ApplicationDomain
        sasl-server-factory: configured
    security-domains:
      ApplicationDomain:
        realms:
          - realm: app-jdbc-realm
            role-decoder: from-roles-attribute
        default-realm: app-jdbc-realm
  remoting:
    http-connectors:
      http-remoting-connector:
        sasl-authentication-factory: application-sasl-authentication
        security-realm: ApplicationRealm
        connector-ref: default
```
A more detailed explanation, including the SQL script that creates the schema tables for the user authentication details:
https://developer.jboss.org/thread/280474
https://github.com/wildfly-security-incubator/elytron-examples
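To make the working jdbc-realm concrete, here is an added illustration that is not code from the original post, Thorntail or Elytron. It runs the two principal-query statements from the configuration above, verbatim, against a sqlite database that stands in for the TestDS data source, then applies by hand what `clear-password-mapper` / `password-index: 1`, `attribute-mapping` / `index: 1, to: roles` and the `from-roles-attribute` decoder do with the result. The USERS / ROLES / USERS_ROLES schema is an assumption (the queries fix only the table and column names they reference), and the rows are constructed sample data.

```python
"""Resolve a login the way the answer's Elytron jdbc-realm does (sqlite model)."""
import hmac
import sqlite3

# The two principal-query statements, copied verbatim from the working project-defaults.yml.
PASSWORD_QUERY = "SELECT PASSWORD FROM USERS WHERE USERNAME = ?"
ROLES_QUERY = (
    "SELECT R.NAME, 'Roles' FROM USERS_ROLES UR "
    "INNER JOIN ROLES R ON R.ID = UR.ROLE_ID "
    "INNER JOIN USERS U ON U.ID = UR.USER_ID "
    "WHERE U.USERNAME = ?"
)

# Assumed schema: the queries fix only the table and column names they reference,
# so the key/constraint layout here is a guess that satisfies both statements.
SCHEMA = """
CREATE TABLE USERS (
    ID       INTEGER PRIMARY KEY,
    USERNAME TEXT NOT NULL UNIQUE,
    PASSWORD TEXT NOT NULL          -- clear text, because the config uses clear-password-mapper
);
CREATE TABLE ROLES (
    ID   INTEGER PRIMARY KEY,
    NAME TEXT NOT NULL UNIQUE
);
CREATE TABLE USERS_ROLES (
    USER_ID INTEGER NOT NULL REFERENCES USERS(ID),
    ROLE_ID INTEGER NOT NULL REFERENCES ROLES(ID),
    PRIMARY KEY (USER_ID, ROLE_ID)
);
"""

# Constructed sample rows (not from the post).
SAMPLE_USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]
SAMPLE_ROLES = [(1, "admin"), (2, "user")]
SAMPLE_USERS_ROLES = [(1, 1), (1, 2), (2, 2)]


def build_datasource():
    """Stand-in for the TestDS data source: an in-memory database with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO USERS VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO ROLES VALUES (?, ?)", SAMPLE_ROLES)
    conn.executemany("INSERT INTO USERS_ROLES VALUES (?, ?)", SAMPLE_USERS_ROLES)
    return conn


def load_identity(conn, username):
    """Run both principal queries and apply the mappers declared in the config.

    clear-password-mapper / password-index: 1 takes the first selected column of
    the first query (Elytron indexes are 1-based); attribute-mapping / index: 1,
    to: roles collects the first column of every row of the second query into
    the 'roles' attribute. Returns None when the realm has no such user.
    """
    password_rows = conn.execute(PASSWORD_QUERY, (username,)).fetchall()
    if not password_rows:
        return None
    password = password_rows[0][1 - 1]
    roles = [row[1 - 1] for row in conn.execute(ROLES_QUERY, (username,))]
    return {"username": username, "password": password, "roles": roles}


def authenticate(conn, username, password):
    """What PLAIN over this realm amounts to: compare the submitted clear-text password
    with the stored one (constant-time), then let from-roles-attribute turn the
    'roles' attribute into the identity's roles. Returns that role set, or None."""
    identity = load_identity(conn, username)
    if identity is None:
        return None
    if not hmac.compare_digest(identity["password"].encode(), password.encode()):
        return None
    return set(identity["roles"])


if __name__ == "__main__":
    ds = build_datasource()
    print(authenticate(ds, "alice", "s3cret"))   # roles granted to alice
    print(authenticate(ds, "alice", "wrong"))    # None: rejected
```

Two caveats follow from the model: `clear-password-mapper` means the PASSWORD column holds the password in clear, and PLAIN sends the client's password in clear to the server, so the `remote+http` connector above should run over TLS in anything beyond a test setup. Elytron's jdbc-realm also accepts hashed-password mappers (for example `bcrypt-mapper` in place of `clear-password-mapper`), which keeps PLAIN working against a hashed column.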