我为 WildFly 10 编写了一个可以运行的自定义登录模块。但是每个 http 请求都会调用 validatePassword 方法,即使在成功登录之后也是如此。如何防止这些额外的登录验证?
package my.company.security;
import java.security.acl.Group;
import java.util.List;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import my.company.myapp.boundary.UserManager;
public class MyLoginModule extends UsernamePasswordLoginModule {
private static final String ROLES_GROUP_NAME = "Roles";
@Override
protected String getUsersPassword() throws LoginException {
return "";
}
@Override
protected boolean validatePassword(final String inputPassword, final String expectedPassword) {
boolean login = false;
try {
UserManager userManager = getUserManager();
System.out.println("call");
login = userManager.verifyLogin(getUsername(), inputPassword);
} catch (LoginException e) {
setValidateError(e);
}
return login;
}
@Override
protected Group[] getRoleSets() throws LoginException {
UserManager userManager = getUserManager();
try {
List<String> roles = userManager.getUserRoleNames(getUsername());
SimpleGroup group = new SimpleGroup(ROLES_GROUP_NAME);
for (String role : roles) {
group.addMember(new SimplePrincipal(role));
}
return new Group[] { group };
} catch (RuntimeException e) {
throw new LoginException(e.getMessage());
}
}
private UserManager getUserManager() throws LoginException {
UserManager userManager;
try {
userManager = (UserManager) new InitialContext().lookup("java:global/myapp/UserManager");
} catch (NamingException e) {
throw new LoginException(e.getMessage());
}
return userManager;
}
}
最佳答案
对于 JBoss/WildFly,登录模块中有两个缓存选项:default 和 infinispan。如果没有指定缓存,则不会有缓存。例如,在默认的standalone.xml 文件中,另一个安全域定义为:
<security-domain name="other" cache-type="default">
关于java - 每个 http 请求都会调用 WildFly 登录模块,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36326215/