1. 首页
  2. 问答
  3. 在JBoss AS 7的web.xml中没有角色的身份验证

在JBoss AS 7的web.xml中没有角色的身份验证

2011-12-15 52 views
6

对于RESTful企业应用程序,我需要所有的调用都要进行身份验证,但是我无法提供系统所有用户都拥有的公共组/滚动权限。我通过LDAP进行身份验证和授权(对此问题应该没有什么不同)。在JBoss AS 7的web.xml中没有角色的身份验证

如果我将元素注释掉了,如下面的web.xml所示,我根本没有得到任何认证。我如何在不需要共同角色的情况下进行身份验证?另外,一个空的auth-consraint不起作用。

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 
    <context-param> 
     <!-- fpe: This one is necessary. --> 
     <param-name>resteasy.role.based.security</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>Resteasy</web-resource-name> 
      <url-pattern>/*</url-pattern> 
      <http-method>GET</http-method> 
      <http-method>POST</http-method> 
      <http-method>PUT</http-method> 
      <http-method>DELETE</http-method> 
     </web-resource-collection> 
<!--  <auth-constraint> --> 
<!--   <role-name>*</role-name> --> 
<!--  </auth-constraint> --> 
     <user-data-constraint> 
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 
    <login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name>Login</realm-name> 
    </login-config> 
<!-- <security-role> --> 
<!--  <role-name>the_common_role</role-name> --> 
<!-- </security-role> --> 
</web-app>

使用*正确的伎俩:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation=" http://java.sun.com/xml/ns/javaee  http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> 
    <context-param> 
     <!-- fpe: This one is necessary. --> 
     <param-name>resteasy.role.based.security</param-name> 
     <param-value>true</param-value> 
    </context-param> 
    <security-constraint> 
     <web-resource-collection> 
      <web-resource-name>Resteasy</web-resource-name> 
      <url-pattern>/*</url-pattern> 
      <http-method>GET</http-method> 
      <http-method>POST</http-method> 
      <http-method>PUT</http-method> 
      <http-method>DELETE</http-method> 
     </web-resource-collection> 
     <auth-constraint> 
      <role-name>*</role-name> 
     </auth-constraint> 
     <user-data-constraint> 
      <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
     </user-data-constraint> 
    </security-constraint> 
    <login-config> 
     <auth-method>BASIC</auth-method> 
     <realm-name>Login</realm-name> 
    </login-config> 
    <security-role> 
     <role-name>*</role-name> 
    </security-role> 
</web-app>

来源

2011-12-15 Frank

回答

6

答案的问题追加。

来源

2012-11-21 10:56:03 Frank

相关问题

 相关问题