WildFly login module called on every HTTP request

Question  Votes: 0  Answers: 1

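I have written a custom login module for WildFly 10, and it works. But the validatePassword method is called on every HTTP request, even after a successful login. How can I prevent these extra login validations?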

package my.company.security;

import java.security.acl.Group;
import java.util.List;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

import my.company.myapp.boundary.UserManager;

public class MyLoginModule extends UsernamePasswordLoginModule {

    private static final String ROLES_GROUP_NAME = "Roles";

    @Override
    protected String getUsersPassword() throws LoginException {
        return "";
    }

    @Override
    protected boolean validatePassword(final String inputPassword, final String expectedPassword) {
        boolean login = false;
        try {
            UserManager userManager = getUserManager();
            System.out.println("call");
            login = userManager.verifyLogin(getUsername(), inputPassword);
        } catch (LoginException e) {
            setValidateError(e);
        }

        return login;
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        UserManager userManager = getUserManager();
        try {
            List<String> roles = userManager.getUserRoleNames(getUsername());
            SimpleGroup group = new SimpleGroup(ROLES_GROUP_NAME);

            for (String role : roles) {
                group.addMember(new SimplePrincipal(role));
            }
            return new Group[] { group };
        } catch (RuntimeException e) {
            throw new LoginException(e.getMessage());
        }
    }

    private UserManager getUserManager() throws LoginException {
        UserManager userManager;
        try {
            userManager = (UserManager) new InitialContext().lookup("java:global/myapp/UserManager");
        } catch (NamingException e) {
            throw new LoginException(e.getMessage());
        }
        return userManager;
    }

}
java jboss wildfly jaas
1 answer
1
vote

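For JBoss / WildFly there are two cache options for login modules: default and Infinispan. If no cache is specified, there is no caching. For example, in the default standalone.xml file the "other" security domain is defined as: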

 <security-domain name="other" cache-type="default">
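
The setting the answer describes, applied to the login module from the question, as an added example that is not part of the original post. The domain name `my-domain` is an assumed placeholder for the domain the application is mapped to, and the two elements are alternatives, not meant to appear together.

```xml
<!-- standalone.xml, inside the security subsystem's <security-domains> element -->

<!-- Before: no cache-type attribute, so nothing is cached and
     MyLoginModule.validatePassword runs on every HTTP request -->
<security-domain name="my-domain">
    <authentication>
        <login-module code="my.company.security.MyLoginModule" flag="required"/>
    </authentication>
</security-domain>

<!-- After: cache-type="default" keeps the authenticated principal, its
     credential and its roles in the domain's cache, so later requests that
     present the same credential are served from the cache -->
<security-domain name="my-domain" cache-type="default">
    <authentication>
        <login-module code="my.company.security.MyLoginModule" flag="required"/>
    </authentication>
</security-domain>
```

With the cache enabled, a request whose credential matches the cached entry is accepted without calling `validatePassword` again, so a password change or a disabled account in `UserManager` is not seen until that entry leaves the cache. The security domain's `flush-cache` management operation clears it.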