1.1.6.3. fejezet, Wildfly 33
Beküldte pzoli - 2024, július 22 - 8:18du
Elytron konfigurálása JDBC Realmmel
<!-- WildFly configuration excerpt: a PostgreSQL datasource, an Elytron JDBC realm that
     authenticates against it, and the Undertow mapping that exposes the resulting security
     domain to deployments. The "..." markers stand for configuration omitted by the author. -->
<subsystem xmlns="urn:jboss:domain:datasources:7.1">
    <datasources>
        ...
        <datasource jndi-name="java:jboss/datasources/elytronDS" pool-name="elytronDS" enabled="true" use-java-context="true">
            <connection-url>jdbc:postgresql://localhost:5432/elytron?charSet=UTF8</connection-url>
            <driver>org.postgresql</driver>
            <!-- USERNAME / PASSWORD are placeholders. A real password written here is stored in
                 clear text in the server configuration file; a credential-reference to an Elytron
                 credential store keeps it out of the file. The two principal queries below only
                 read USERS, ROLES and USERS_ROLES, so a database account limited to SELECT on
                 those tables is sufficient for this realm. -->
            <security user-name="USERNAME" password="PASSWORD"/>
        </datasource>
        ...
        <drivers>
            ...
            <driver name="org.postgresql" module="org.postgresql">
                <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
            </driver>
            ...
        </drivers>
    </datasources>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:community:18.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    ...
    <security-domains>
        ...
        <!-- Security domain whose only (and default) realm is the JDBC realm defined below. -->
        <security-domain name="servlet-security-quickstart-sd" default-realm="servlet-security-jdbc-realm" permission-mapper="default-permission-mapper">
            <realm name="servlet-security-jdbc-realm"/>
        </security-domain>
        ...
    </security-domains>
    <security-realms>
        ...
        <jdbc-realm name="servlet-security-jdbc-realm">
            <!-- Credential lookup: the user name is bound to the "?" placeholder and
                 password-index="1" reads the stored digest from the first selected column. -->
            <principal-query sql="SELECT PASSWORD FROM USERS WHERE USERNAME = ?" data-source="elytronDS">
                <!-- simple-digest-sha-256 is a single, unsalted SHA-256 pass: equal passwords
                     produce equal stored values and the digest is cheap to brute-force offline
                     if the table leaks. NOTE(review): acceptable for a quickstart only; for real
                     accounts prefer a salted, iterated mapper such as bcrypt-mapper (or
                     modular-crypt-mapper) and re-hash the stored passwords to match. -->
                <simple-digest-mapper algorithm="simple-digest-sha-256" password-index="1"/>
            </principal-query>
            <!-- Role lookup: column 1 (R.NAME) is mapped to the identity attribute "Roles";
                 the literal 'Roles' in column 2 is not referenced by the mapping below. -->
            <principal-query sql="SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?" data-source="elytronDS">
                <attribute-mapping>
                    <attribute to="Roles" index="1"/>
                </attribute-mapping>
            </principal-query>
        </jdbc-realm>
        ...
    </security-realms>
</subsystem>
<subsystem xmlns="urn:jboss:domain:undertow:14.0" default-virtual-host="default-host" default-servlet-container="default" default-server="default-server" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}" default-security-domain="other">
    ...
    <application-security-domains>
        <!-- Maps the name a deployment asks for ("servlet-security-quickstart") to the Elytron
             security domain above. NOTE(review): the deployment has to reference this name
             itself (typically in WEB-INF/jboss-web.xml, which is not shown on this page);
             otherwise default-security-domain="other" applies, not the JDBC realm. -->
        <application-security-domain name="servlet-security-quickstart" security-domain="servlet-security-quickstart-sd"/>
    </application-security-domains>
    ...
</subsystem>
Adatbázis az autentikációhoz
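-- Schema and seed data for the Elytron JDBC realm.
-- The realm looks a user up by USERNAME and reads the role names through USERS_ROLES,
-- so the tables carry the constraints those lookups rely on:
--   * USERNAME is unique, so the credential query can never match two accounts;
--   * USERS_ROLES rows must reference an existing user and an existing role.

CREATE TABLE USERS (
    ID       INT         NOT NULL,
    USERNAME VARCHAR(20) NOT NULL,
    -- Base64-encoded SHA-256 digest (44 characters). A stronger, salted password format
    -- will generally need a wider column.
    PASSWORD VARCHAR(50) NOT NULL,
    CONSTRAINT users_pk PRIMARY KEY (ID),
    CONSTRAINT users_username_uq UNIQUE (USERNAME)
);

CREATE TABLE ROLES (
    ID   INT         NOT NULL,
    NAME VARCHAR(20) NOT NULL,
    CONSTRAINT roles_pk PRIMARY KEY (ID),
    CONSTRAINT roles_name_uq UNIQUE (NAME)
);

CREATE TABLE USERS_ROLES (
    USER_ID INT NOT NULL,
    ROLE_ID INT NOT NULL,
    CONSTRAINT users_roles_pk PRIMARY KEY (USER_ID, ROLE_ID),
    CONSTRAINT users_roles_user_id_fk FOREIGN KEY (USER_ID) REFERENCES USERS (ID),
    CONSTRAINT users_roles_role_id_fk FOREIGN KEY (ROLE_ID) REFERENCES ROLES (ID)
);

-- Demo accounts only. Both users have the same one-character password, and because the
-- digest is unsalted the two stored values are identical. Replace these rows (and the
-- password scheme) before using the realm for anything but a local quickstart.
INSERT INTO USERS (ID, USERNAME, PASSWORD)
VALUES (1, 'quickstartUser', 'jjXCzTv2ZBvbDiBQt2kyy7LmA0oN2swdm+qCprpX988='); -- passwd: 'q'
INSERT INTO USERS (ID, USERNAME, PASSWORD)
VALUES (2, 'guest', 'jjXCzTv2ZBvbDiBQt2kyy7LmA0oN2swdm+qCprpX988='); -- passwd: 'q'

INSERT INTO ROLES (ID, NAME) VALUES (1, 'ROLE_ADMIN');
INSERT INTO ROLES (ID, NAME) VALUES (2, 'ROLE_USER');

-- quickstartUser -> ROLE_ADMIN, guest -> ROLE_USER
INSERT INTO USERS_ROLES (USER_ID, ROLE_ID) VALUES (1, 1);
INSERT INTO USERS_ROLES (USER_ID, ROLE_ID) VALUES (2, 2);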
SecuredServlet.java
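/**
 * Demo servlet that is reachable only by callers holding the ROLE_ADMIN role.
 *
 * The {@code @ServletSecurity} constraint makes the container authenticate and authorize
 * the caller before {@link #doGet} runs; the servlet then prints the principal name, the
 * remote user and the authentication type of the current request.
 */
@WebServlet("/SecuredServlet")
@ServletSecurity(@HttpConstraint(rolesAllowed = { "ROLE_ADMIN" }))
public class SecuredServlet extends HttpServlet {

    // Constant page fragments; final so they cannot be reassigned at runtime.
    private static final String PAGE_HEADER = "<html><head><title>servlet-security</title></head><body>";
    private static final String PAGE_FOOTER = "</body></html>";

    /**
     * Writes a small HTML page describing the authenticated caller.
     *
     * @param req  the current request, used to read the caller's identity
     * @param resp the response the HTML page is written to
     * @throws ServletException declared by the servlet contract; not thrown by this method itself
     * @throws IOException      if the response writer cannot be obtained
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Declare the content type and charset before the writer is obtained so that
        // the browser does not have to guess how to interpret the body.
        resp.setContentType("text/html;charset=UTF-8");
        PrintWriter writer = resp.getWriter();

        // Get security principal
        Principal principal = req.getUserPrincipal();
        // Get user name from login principal
        String remoteUser = req.getRemoteUser();
        // Get authentication type
        String authType = req.getAuthType();

        // The role constraint should guarantee an authenticated caller; the null check only
        // keeps the page from failing with a NullPointerException if the constraint is removed.
        String principalName = (principal != null) ? principal.getName() : null;

        writer.println(PAGE_HEADER);
        writer.println("<h1>" + "Successfully called Secured Servlet " + "</h1>");
        // User names come from the identity store, not from this code, so they are
        // HTML-escaped before being placed into the page.
        writer.println("<p>" + "Principal  : " + escapeHtml(principalName) + "</p>");
        writer.println("<p>" + "Remote User : " + escapeHtml(remoteUser) + "</p>");
        writer.println("<p>" + "Authentication Type : " + escapeHtml(authType) + "</p>");
        writer.println(PAGE_FOOTER);
        writer.close();
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     * A null value is rendered as the string "null", as plain string concatenation would.
     */
    private static String escapeHtml(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }
}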
web.xml
<?xml version="1.0"?>
<!-- Deployment descriptor: protects /admin/* for ROLE_ADMIN, declares the roles the
     application uses and selects HTTP Basic as the login mechanism. -->
<web-app version="6.0" xmlns="https://jakarta.ee/xml/ns/jakartaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd">
    <!-- Only callers in ROLE_ADMIN may access URLs under /admin/. The pattern does not match
         /SecuredServlet; a resource outside /admin/ needs its own constraint (for example a
         ServletSecurity annotation on the servlet class).
         NOTE(review): there is no user-data-constraint here, so nothing in this descriptor
         requires TLS. With BASIC the password travels base64-encoded (not encrypted) on every
         request; outside a local test add a transport-guarantee of CONFIDENTIAL or make sure
         TLS is enforced in front of the server. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>MyDomain admin users</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ROLE_ADMIN</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- Roles referenced by the application; the names match the rows of the ROLES table. -->
    <security-role>
        <role-name>ROLE_USER</role-name>
    </security-role>
    <security-role>
        <role-name>ROLE_ADMIN</role-name>
    </security-role>
    <!-- Configure login to be HTTP Basic -->
    <!-- realm-name is the realm string for the Basic challenge. NOTE(review): it does not by
         itself select the Elytron security domain; confirm how the deployment is bound to
         the application-security-domain configured on the server. -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>RealmUsersRoles</realm-name>
    </login-config>
</web-app>