spring - Thorntail - WildFly Elytron 安全远程连接获取身份验证失败:不支持服务器提供的任何机制
问题描述
我已经使用 project-defaults.yml 在 thorntail 应用程序上配置了 WildFly Elytron 安全性。但是,应用程序无法调用或连接到远程安全 EJB
这是 Elytron 的 yaml 配置 - 我不确定这是否正确配置。
thorntail:
elytron:
sasl-authentication-factories:
application-sasl-authentication:
mechanism-configurations:
- mechanism-name: 'GSSAPI'
- mechanism-name: 'PLAIN'
- mechanism-name: 'JBOSS-LOCAL-USER'
- mechanism-name: 'DIGEST-MD5'
- mechanism-realm-configurations:
- realm-name: ApplicationRealm
security-domain: ApplicationDomain
sasl-server-factory: configured
authentication-configurations:
default:
security-domain: ApplicationDomain
sasl-mechanism-selector: 'PLAIN'
security-domains:
ApplicationDomain:
realms:
- realm: ApplicationRealm
default-realm: ApplicationRealm
remoting:
http-connectors:
http-remoting-connector:
sasl-security:
policy-sasl-policy:
no-plain-text: false
include-mechanisms:
- 'PLAIN'
sasl-authentication-factory: application-sasl-authentication
security-realm: ApplicationRealm
connector-ref: default
management:
https:
port: 9993
http:
port: 9990
security-realms:
ApplicationRealm:
jaas-authentication:
name: AppSecDom
ssl-server-identity:
alias: 'alias'
keystore-provider: PKCS12
keystore-path: ${javax.net.ssl.keyStore}
keystore-password: ${javax.net.ssl.keyStorePassword}
从客户端这就是我尝试连接到 EJB 的方式。
public final static AuthenticationContext authenticationContext() throws Exception{
LOG.info("***********Start AUTHENTICATION*****************." );
try{
AuthenticationConfiguration config = AuthenticationConfiguration.empty().setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism("#ALL")).
useName("username").usePassword("password");
final AuthenticationContext authCtx = AuthenticationContext.empty().
with(MatchRule.ALL, config);
ContextManager<AuthenticationContext> contextManager = authCtx.getInstanceContextManager();
contextManager.setThreadDefault(authCtx);
return contextManager.get();
}catch (Exception e){
LOG.error("Error authentication : " + e);
throw new Exception(e);
}
}
来自控制台的错误。
Suppressed: org.jboss.ejb.client.RequestSendFailedException: Destination @ remote+http://127.0.0.1:8080
at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:104)
at org.jboss.ejb.protocol.remote.RemoteEJBReceiver$1.handleFailed(RemoteEJBReceiver.java:76)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
Caused by: javax.security.sasl.SaslException: Authentication failed: none of the mechanisms presented by the server (GSSAPI, JBOSS-LOCAL-USER, GS2-KRB5-PLUS, GS2-KRB5, ANONYMOUS) are supported
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:444)
at org.jboss.remoting3.remote.ClientConnectionOpenListener$Capabilities.handleEvent(ClientConnectionOpenListener.java:242)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.conduits.ReadReadyHandler$ChannelListenerHandler.readReady(ReadReadyHandler.java:66)
at org.xnio.nio.NioSocketConduit.handleReady(NioSocketConduit.java:89)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:591)
at ...asynchronous invocation...(Unknown Source)
请协助解决这个问题,因为我不确定我接下来需要做什么。
解决方案
以下 yaml 配置有效。
thorntail:
elytron:
simple-role-decoders:
from-roles-attribute:
attribute: roles
jdbc-realms:
app-jdbc-realm:
principal-query:
- sql: SELECT PASSWORD FROM USERS WHERE USERNAME = ?
data-source: TestDS
clear-password-mapper:
password-index: 1
- sql: SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?
data-source: TestDS
attribute-mapping:
- index: 1
to: roles
sasl-authentication-factories:
application-sasl-authentication:
mechanism-configurations:
- mechanism-name: 'PLAIN'
- mechanism-realm-configurations:
- realm-name: app-jdbc-realm
security-domain: ApplicationDomain
sasl-server-factory: configured
security-domains:
ApplicationDomain:
realms:
- realm: app-jdbc-realm
role-decoder: from-roles-attribute
default-realm: app-jdbc-realm
remoting:
http-connectors:
http-remoting-connector:
sasl-authentication-factory: application-sasl-authentication
security-realm: ApplicationRealm
connector-ref: default
有关更详细的说明 - 包括为用户身份验证详细信息创建模式表的 sql 脚本。
https://developer.jboss.org/thread/280474
https://github.com/wildfly-security-incubator/elytron-examples
推荐阅读
- .net - 如何允许 ABP 在 .NET MVC 项目中检索您的计算机 ID
- javascript - 在 vue 中使用爱普生 SDK
- java - 如果我们在java中通过字符串文字String A = "hel"+"lo"; 字符串 B = "lo"; 字符串 C = "hel"+B; . A == C 为真但显示为假
- c# - 有没有办法为项目中的所有方法/类生成 XML 样式的注释?
- selenium-webdriver - 按名称查找网络元素
- javascript - Express 传递的 req.body.variable 在 SOAP API 调用的主体中为空
- spring - spring 和 hibernate 不能与 mysql8 一起工作
- cmake - 我如何告诉 cmake mbed-os 已经构建并且可以重用?
- css - 如何在蚂蚁设计中对子菜单进行分组
- laravel-dusk - 在 Laraval Dusk Automation 上通过 Docker Machine 执行测试时,Chrome 浏览器崩溃