我花了几天时间将自己更新到Java EE 8,在一起使用@CustomFormAuthenticationMechanismDefinition和@DatabaseIdentityStoreDefinition时遇到了一个问题。
我使用的是Glassfish v5、NetBeans 9 nightly和Java 8。
我所做的只是想更新security soteria(Java EE security 1.0 RI)test文件夹中的应用程序mem自定义表单示例,而我所更改的是使用@DatabaseIdentityStoreDefinition来替换基于内存的伪IdentityStore。
当我启动应用程序并尝试登录时,从NetBeans控制台获得了以下信息。
Info: Activating javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition identity store from com.hantsylabs.example.ee8.security.ApplicationConfig class
Info: Activating javax.security.enterprise.authentication.mechanism.http.CustomFormAuthenticationMechanismDefinition authentication mechanism from com.hantsylabs.example.ee8.security.ApplicationConfig class
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: initializing database...
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: RAR7115: Unable to set ClientInfo for connection
Info: Initializing Soteria 1.0 for context '/security-custom-form-db'
Info: Registering WebSocket filter for url pattern /*
Info: Initializing Mojarra 2.3.2 ( 20170627-2139 e63598abf2ed2bb1a24674f308a734e0dce18a72) for context '/security-custom-form-db'
Info: Monitoring jndi:/server/security-custom-form-db/WEB-INF/faces-config.xml for modifications
Info: Loading application [_Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition] at [/security-custom-form-db]
Info: _Security_1.0:_Custom_Form_Authentication_with__DatabaseIdentityStoreDefinition was successfully deployed in 3,288 milliseconds.
Warning: RAR8705: Invalid value for property dynamic-reconfiguration-wait-timeout-in-seconds : null
Info: RAR7115: Unable to set ClientInfo for connection
Info: authentication result:NOT_DONE
信息:身份验证结果:NOT_DONE从我的LoginBean,打印返回的AuthenticationStatus。
我的安全配置文件是:
@CustomFormAuthenticationMechanismDefinition(
loginToContinue = @LoginToContinue(
loginPage = "/login.faces",
errorPage = "" // DRAFT API - must be set to empty for now
)
)
@DatabaseIdentityStoreDefinition(
dataSourceLookup = "${'java:global/MyDS'}",
callerQuery = "#{'select password from caller where name = ?'}",
groupsQuery = "select group_name from caller_groups where caller_name = ?",
hashAlgorithm = Pbkdf2PasswordHash.class,
priorityExpression = "#{100}",
hashAlgorithmParameters = {
"Pbkdf2PasswordHash.Iterations=3072",
"${applicationConfig.dyna}"
} // just for test / example
)
@ApplicationScoped
@Named
public class ApplicationConfig {
public String[] getDyna() {
return new String[]{"Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512", "Pbkdf2PasswordHash.SaltSizeBytes=64"};
}
}
我还包含了DatabaseSetup,用于在应用程序启动时插入用户。该文件是从应用程序数据库示例中复制的。
我的完整代码可以在这里找到。
在项目中无缝使用@CustomFormAuthenticationMechanismDefinition和@DatabaseIdentityStoreDefinition的正确方法是什么?
更新,我刚刚尝试使用@FormAuthenticationMechanismDefinition和@DatabaseIdentityStoreDefinition,它有效,代码在这里。这是@CustomFormAuthenticationMechanismDefinition的一个错误吗。
我的应用程序中也遇到了同样的问题。添加.newAuthentication(true));来验证参数对我有帮助。
它适用于Glassfish 6.2.5的自定义表单和JSF,起初,同样的事情也发生在我身上,但后来我发现我在@DatabaseIdentityStoreDefinition的SQL语句中有错误。在这种情况下,它只是无声地返回NOT_DONE,在玻璃鱼日志等中没有线索。
也许从那时起就有什么问题被解决了。