open-liberty - 如何在 Open Liberty 中提供自己的 HttpAuthenticationMechanism 实现
问题描述
在我在Open Liberty 21.0.0.8上运行的一个简单应用程序中,我提供了一个实现HttpAuthenticationMechanism:
// imports omitted
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(
loginPage = "/login.xhtml",
errorPage = "",
useForwardToLogin = false))
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject
private IdentityStoreHandler identityStoreHandler;
@Override
public AuthenticationStatus validateRequest(HttpServletRequest request,
HttpServletResponse response,
HttpMessageContext context) throws AuthenticationException {
Credential credential = context.getAuthParameters().getCredential();
if (credential != null) {
return context.notifyContainerAboutLogin(identityStoreHandler.validate(credential));
}
else {
return context.doNothing();
}
}
}
我希望 Open Liberty 能够将该实现HttpAuthenticationMechanism投入使用。但是,在 Open Liberty 启动时javax.enterprise.inject.spi.DeploymentException会抛出一个:
[INFO] [ERROR ] CWWKS1925E: The deployment for the dsgvo-management.war module in the dsgvo-management application failed because of multiple HttpAuthenticationMechanism implementations: de.knusperfisch.dsgvo.app.security.control.CustomAuthenticationMechanism, com.ibm.ws.security.javaeesec.cdi.beans.CustomFormAuthenticationMechanism. This failure is likely an application packaging issue. Make sure that each module has only one HttpAuthenticationMechanism implementation.
[INFO] [ERROR ] CWWKZ0004E: An exception occurred while starting the application dsgvo-management. The exception message was: com.ibm.ws.container.service.state.StateChangeException: org.jboss.weld.exceptions.DefinitionException: Exception List with 1 exceptions:
[INFO] Exception 0 :
[INFO] javax.enterprise.inject.spi.DeploymentException: CWWKS1925E: The deployment for the dsgvo-management.war module in the dsgvo-management application failed because of multiple HttpAuthenticationMechanism implementations: de.knusperfisch.dsgvo.app.security.control.CustomAuthenticationMechanism, com.ibm.ws.security.javaeesec.cdi.beans.CustomFormAuthenticationMechanism. This failure is likely an application packaging issue. Make sure that each module has only one HttpAuthenticationMechanism implementation.
[INFO] at com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.verifyConfiguration(JavaEESecCDIExtension.java:893)
[INFO] at com.ibm.ws.security.javaeesec.cdi.extensions.JavaEESecCDIExtension.afterBeanDiscovery(JavaEESecCDIExtension.java:173)
Java EE 安全 API 声明:
如果需要,应用程序可以提供自己的 HttpAuthenticationMechanism。
和:
一个 HttpAuthenticationMechanism 必须是一个 CDI bean,因此如果它被打包在一个 bean 档案中,那么它就可以通过 CDI 对容器可见,它通常包括 Java EE 模块和应用程序档案 [...]
HttpAuthenticationMechanism 的定义必须可能存在于应用程序存档中 [...]
Open Liberty 中是否有一种方法可以HttpAuthenticationMechanism从应用程序存档中为应用程序配置特定的配置,如果有,这是如何完成的?
解决方案
乍一看,如错误消息所示,似乎有多个 HttpAuthMechanisms 处于活动状态,这是不允许的。是否有任何应用程序正在使用 @CustomFormAuthenticationMechanismDefinition 注释,除了您的 CustomAuthenticationMechanism 之外,它还会引入默认的 com.ibm.ws.security.javaeesec.cdi.beans.CustomFormAuthenticationMechanism AuthMech ?
推荐阅读
- azure - Velero 部署失败 - 无法找到 Azure /credentials/cloud 文件
- python - 尝试使用 catch 验证 Python 中的输入
- tfs - TFS 2013 团队构建 - 排队构建保持进行中状态
- ansible - 使用 ansible inventory_hostname 模式匹配字母数字
- r - 循环通过按列变量分组的函数
- java - OpenJDK 11.0.4 在类路径中有 java-atk-wrapper.jar
- python - 在 openpyxl 包中我可以在哪里找到 load_workbook() 功能?
- dictionary - 错误:运行 scipy.optimization.minimize-function 时“'dict'对象没有属性'lower'”
- python - Ray.Tune 在哪里创建模型与实现扰动超参数
- dart - 在 DART 中的地图列表中查找