Servlet Security on Wildfly
1
Estou tentando executar um projeto básico com um servlet que requer uma função específica.
No arquivo de configuração standalone.xml, adicionei uma fonte de dados com uma ligação JDBC a um banco de dados derby contendo a tabela que permite autenticação e autorização definidas em um domínio de segurança específico que eu adicionei no mesmo arquivo
<datasource jndi-name="java:jboss/datasources/TestDS" pool-name="TestDS" enabled="true">
<connection-url>jdbc:derby://localhost:1527/JPADB</connection-url>
<driver-class>org.apache.derby.jdbc.ClientDriver</driver-class>
<driver>derbyclient.jar</driver>
<transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation>
<pool>
<min-pool-size>10</min-pool-size>
<max-pool-size>100</max-pool-size>
<prefill>true</prefill>
</pool>
<security>
<user-name>user</user-name>
<password>passw0rd</password>
</security>
<statement>
<prepared-statement-cache-size>32</prepared-statement-cache-size>
<share-prepared-statements>true</share-prepared-statements>
</statement>
</datasource>
...
<security-domains>
<security-domain name="testDomain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/TestDS"/>
<module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
</login-module>
</authentication>
<authorization>
<policy-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/school"/>
<module-option name="rolesQuery" value="SELECT role, 'Roles' FROM users WHERE username=?"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="principalsQuery" value="SELECT password from users WHERE username=?"/>
</policy-module>
</authorization>
</security-domain>
Agora implementei um Dynamic Web Project e, na pasta / WebContent / WEB-INF, criei um arquivo jboss-web.xml
comesteconteúdo
<?xmlversion="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>testDomain</security-domain>
</jboss-web>
e um arquivo web.xml com este conteúdo
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>WebApp</display-name>
<welcome-file-list>
<welcome-file>/webappname/index.xhtml</welcome-file>
</welcome-file-list>
<!--Defining security constraint for type of roles available-->
<security-constraint>
<web-resource-collection>
<web-resource-name>administrator</web-resource-name>
<url-pattern>/webappname/MyServlet/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>ADMINISTRATOR</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>school</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/error.xhtml</form-error-page>
</form-login-config>
</login-config>
<!--Defining type of authenitcation mechanism-->
<!--Denining security role-->
<security-role>
<role-name>ADMINISTRATOR</role-name>
</security-role>
<security-role>
<role-name>USER</role-name>
</security-role>
<!--Denining security role-->
</web-app>
O servidor é iniciado sem erros. O problema é que quando eu tento acessar a URL do servlet link , a página é renderizada corretamente e nenhuma autenticação é necessária.
por Sindico
21.10.2017 / 21:54