jdbRealm и BASIC http: пароль успешно выполнен, веб-страница отображает 403

Question

jdbRealm и BASIC http: пароль успешно выполнен, веб-страница отображает 403

Я создал простой веб-проект Maven и попытался защитить его с помощью BASIC-аутентификации и jdbRealm.

На моем сервере glassfish 4.0 я создал область и включил "Назначение по умолчанию для сопоставления ролей". Уровень безопасности журнала установлен на лучший.

мой web.xml выглядит так:

    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>
        <display-name>UserConstraint</display-name>
        <web-resource-collection>
            <web-resource-name>ApiResource</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>POST</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>jdbc-realm</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>user</role-name>
    </security-role>
</web-app>

Царство, кажется, работает. Когда я запускаю проект, появляется экран аутентификации и вход в систему прошел успешно:

Выход Glassfish:

    Fine:   [Web-Security] Setting Policy Context ID: old = null ctxID = security/security
Fine:   [Web-Security] hasUserDataPermission perm: ("javax.security.jacc.WebUserDataPermission" "" "GET")
Fine:   [Web-Security] hasUserDataPermission isGranted: true
Fine:   [Web-Security] Policy Context ID was: security/security
Fine:   [Web-Security] Codesource with Web URL: file:/security/security
Fine:   [Web-Security] Checking Web Permission with Principals : null
Fine:   [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine:   [Web-Security] hasResource isGranted: false
Fine:   [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
Fine:   Logging in user [joost] into realm: jdbc-realm using JAAS module: jdbcRealm
Fine:   Login module initialized: class com.sun.enterprise.security.ee.auth.login.JDBCLoginModule
Finest:   JDBC login succeeded for: joost groups:[users]
Fine:   JAAS login complete.
Fine:   JAAS authentication committed.
Fine:   Password login succeeded for : joost
Fine:   Set security context as user: joost
Fine:   [Web-Security] Policy Context ID was: security/security
Fine:   [Web-Security] Generating a protection domain for Permission check.
Fine:   [Web-Security] Checking with Principal : joost
Fine:   [Web-Security] Checking with Principal : users
Fine:   [Web-Security] Codesource with Web URL: file:/security/security
Fine:   [Web-Security] Checking Web Permission with Principals : joost, users
Fine:   [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine:   [Web-Security] hasResource isGranted: false
Fine:   [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Fine:   [Web-Security] Policy Context ID was: security/security
Fine:   [Web-Security] hasUserDataPermission perm: ("javax.security.jacc.WebUserDataPermission" "" "GET")
Fine:   [Web-Security] hasUserDataPermission isGranted: true
Fine:   [Web-Security] Policy Context ID was: security/security
Fine:   [Web-Security] Codesource with Web URL: file:/security/security
Fine:   [Web-Security] Checking Web Permission with Principals : null
Fine:   [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine:   [Web-Security] hasResource isGranted: false
Fine:   [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   Processing login with credentials of type: class com.sun.enterprise.security.auth.login.common.PasswordCredential
Fine:   Logging in user [joost] into realm: jdbc-realm using JAAS module: jdbcRealm
Fine:   Login module initialized: class com.sun.enterprise.security.ee.auth.login.JDBCLoginModule
Finest:   JDBC login succeeded for: joost groups:[users]
Fine:   JAAS login complete.
Fine:   JAAS authentication committed.
Fine:   Password login succeeded for : joost
Fine:   Set security context as user: joost
Fine:   [Web-Security] Policy Context ID was: security/security
Fine:   [Web-Security] Codesource with Web URL: file:/security/security
Fine:   [Web-Security] Checking Web Permission with Principals : joost, users
Fine:   [Web-Security] Web Permission = ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Finest:   JACC Policy Provider: PolicyWrapper.implies, context (security/security)- result was(false) permission (("javax.security.jacc.WebResourcePermission" "/index.html" "GET"))
Fine:   [Web-Security] hasResource isGranted: false
Fine:   [Web-Security] hasResource perm: ("javax.security.jacc.WebResourcePermission" "/index.html" "GET")
Fine:   FileRealm : file=C:\Users\Joost\School\S6\SOP\development_server\glassfish\domains\domain1\config\admin-keyfile
Fine:   FileRealm : jaas-context=ignore
Fine:   Login module initialized: class com.sun.enterprise.security.auth.login.FileLoginModule
Fine:   File login succeeded for: admin
Fine:   JAAS login complete.
Fine:   JAAS authentication committed.

Однако на странице отображается HTTP-статус 403 - запрещено. Я понятия не имею. Я также попробовал это с пользовательскими основными ролями, но это не сработало.

4

java basic-authentication jdb

Источник

user4059540 18 апр '15 в 10:05

0 ответов

Другие вопросы по тегам java basic-authentication jdb