Проверка подлинности внешней базы данных JasperReports Server Community Edition 5.1
Я все еще новичок в технологиях безопасности JasperReports Server и Spring.
Я попытался изменить файл sample-applicationContext-externalAuth-db.xml, поставляемый с сервером jasper, и развернуть его в папке WEB-INF в файле jasperserver.war, в соответствии с jasperreportsserver-auth-cookbook. Когда я пытаюсь войти на JR Server, используя пользователя, определенного в моей внешней базе данных, я получаю следующую ошибку:
[org.springframework.security.event.authentication.LoggerListener] (http-localhost-127.0.0.1-8080-2)
Authentication event AuthenticationFailureBadCredentialsEvent: criser;
details: org.springframework.security.ui.WebAuthenticationDetails@fffed504:
RemoteIpAddress: 127.0.0.1; SessionId: 8RGV5wfImGpJLM3NDsxx0Koc.undefined;
exception: Bad credentials.
Моя внешняя база данных хранит пароли в виде простого текста. Вот мое приложение Context-externalAuth-db.xml:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
<!-- ########## External JDBC Auth ###########
- Sample configuration of JasperServer authentication via an external database
-->
<bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.BaseAuthenticationProcessingFilter">
<property name="authenticationManager">
<ref local="dbAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>
<property name="sessionRegistry">
<ref bean="sessionRegistry"/>
</property>
<property name="internalAuthenticationFailureUrl" value="/login.html?error=15"/>
<property name="defaultTargetUrl" value="/loginsuccess.html"/>
<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
</bean>
<bean id="proxyAuthenticationSoapProcessingFilter"
class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationSoapProcessingFilter">
<property name="authenticationManager" ref="dbAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
</bean>
<bean id="proxyBasicProcessingFilter"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalAuthBasicProcessingFilter">
<property name="authenticationManager" ref="dbAuthenticationManager"/>
<property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
<property name="authenticationEntryPoint">
<ref local="basicProcessingFilterEntryPoint"/>
</property>
</bean>
<bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationRestProcessingFilter">
<property name="authenticationManager">
<ref local="dbAuthenticationManager"/>
</property>
<property name="externalDataSynchronizer">
<ref local="externalDataSynchronizer"/>
</property>
<property name="filterProcessesUrl" value="/rest/login"/>
<property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
<property name="migrateInvalidatedSessionAttributes" value="true"/>
</bean>
<bean id="dbAuthenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="externalDaoAuthenticationProvider"/>
<ref bean="${bean.daoAuthenticationProvider}"/>
</list>
</property>
</bean>
<bean id="externalDaoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService"><ref bean="externalUserDetailsService"/></property>
</bean>
<bean id="externalUserDetailsService" class="com.jaspersoft.jasperserver.api.security.externalAuth.db.ExternalJDBCUserDetailsService">
<property name="dataSource" ref="externalDataSource"/>
<property name="usersByUsernameQuery" value="SELECT USERNAME as username, PASSW as password, true as enabled from DEVELOPMENT.SYS_USERS where (LOCKED=FALSE OR LOCKED IS NULL) AND USERNAME = ?"/>
<property name="authoritiesByUsernameQuery" value="SELECT DISTINCT U.username as username, F.method_name as rolename FROM DEVELOPMENT.SYS_USERS U, DEVELOPMENT.SYS_USER_GROUP UG, DEVELOPMENT.SYS_GROUP_FUNCTION GF, DEVELOPMENT.SYS_FUNCTIONS F WHERE U.ID = UG.USER_ID AND UG.GROUP_ID = GF.GROUP_ID AND GF.FUNCTION_ID = F.ID AND f.METHOD_NAME = 'REPORT' AND U.USERNAME = ?"/>
</bean>
<!-- ########## External JDBC Auth ########### -->
<!-- ############ Synchronizer ############ -->
<bean id="externalDataSynchronizer"
class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">
<property name="externalUserDetailsService">
<ref bean="externalUserDetailsService"/>
</property>
<property name="externalUserProcessors">
<list>
<ref local="externalUserSetupProcessor"/>
<!-- Example processor for creating user folder.
Other custom processors can be created and
added to the list.-->
<!--<ref local="externalUserFolderProcessor"/>-->
</list>
</property>
</bean>
<bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true">
<property name="repositoryService" ref="${bean.repositoryService}"/>
<property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
<property name="tenantService" ref="${bean.tenantService}"/>
<property name="profileAttributeService" ref="profileAttributeService"/>
<property name="objectPermissionService" ref="${bean.objectPermissionService}"/>
</bean>
<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor">
<property name="userAuthorityService">
<ref bean="${bean.internalUserAuthorityService}"/>
</property>
<property name="organizationRoleMap">
<map>
<entry>
<key>
<value>ROLE_REPORT</value>
</key>
<value>ROLE_ADMIN</value>
</entry>
<!-- Mapping customers roles to JS roles Example -->
<!--<entry>-->
<!--<key>-->
<!-- Сustomer role(with adding ROLE_ prefix) which need to be mapped to root JS roles -->
<!--<value>ROLE_ADMIN</value>-->
<!--</key>-->
<!-- root JS role customer role to be mapped to -->
<!--<value>ROLE_ADMINISTRATOR</value>-->
<!--</entry>-->
</map>
</property>
<property name="defaultInternalRoles">
<list>
<value>ROLE_USER</value>
</list>
</property>
</bean>
<bean id="externalUserFolderProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserFolderProcessor" parent="abstractExternalProcessor">
<property name="repositoryService" ref="${bean.unsecureRepositoryService}"/>
</bean>
<!-- ############ Synchronizer ############ -->
<!-- ############## external dataSource ############### -->
<bean id="externalDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="org.postgresql.Driver"/>
<property name="url" value="jdbc:postgresql://192.168.1.152:5432/development"/>
<property name="username" value="master"/>
<property name="password" value="password12"/>
</bean>
<!-- ############## external dataSource ############### -->
</beans>
Я хотел бы знать, почему я получаю исключение "плохие учетные данные". Я попытался настроить log4j.properties в папке WEB-INF, чтобы получить более подробную информацию о проблеме, но я не смог получить больше вывода, кроме
17:01:07,153 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,152 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:228 - Custom ESAPI security configuration is used.
17:01:07,160 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,160 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:431 - Attempting to load ESAPI.properties via file I/O.
17:01:07,168 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,167 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:527 - Attempting to load ESAPI.properties as resource file via file I/O.
17:01:07,182 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,176 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:543 - Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\jboss-as-7.1.1.Final\bin\ESAPI.properties
17:01:07,185 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,184 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:563 - Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
17:01:07,198 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,192 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:587 - Not found in 'user.home' (C:\Users\daniel.cristea) directory: C:\Users\daniel.cristea\esapi\ESAPI.properties
17:01:07,209 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,201 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:436 - Loading ESAPI.properties via file I/O failed.
17:01:07,218 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,211 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:437 - Attempting to load ESAPI.properties via the classpath.
17:01:07,251 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,244 WARN JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:652 - SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from 'esapi/' using current thread context class loader!
17:01:07,262 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,257 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:457 - Attempting to load validation.properties via file I/O.
17:01:07,271 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,264 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:527 - Attempting to load validation.properties as resource file via file I/O.
17:01:07,282 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,274 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:543 - Not found in 'org.owasp.esapi.resources' directory or file not readable: C:\Program Files\jboss-as-7.1.1.Final\bin\validation.properties
17:01:07,291 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,285 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:563 - Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
17:01:07,301 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,294 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:587 - Not found in 'user.home' (C:\Users\daniel.cristea) directory: C:\Users\daniel.cristea\esapi\validation.properties
17:01:07,312 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,304 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:462 - Loading validation.properties via file I/O failed.
17:01:07,318 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,317 INFO JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:463 - Attempting to load validation.properties via the classpath.
17:01:07,346 INFO [stdout] (http-localhost-127.0.0.1-8080-2) 2013-08-10 17:01:07,345 WARN JSESAPISecurityConfiguration,http-localhost-127.0.0.1-8080-2:652 - SUCCESSFULLY LOADED validation.properties via the CLASSPATH from 'esapi/' using current thread context class loader!
Я хотел бы знать, есть ли какой-нибудь способ, которым я мог бы выяснить источник ошибки "Плохие учетные данные".