1
Ich habe fast 4 Tage Forschung verbracht, wie kann ich eine http grundlegende Auth mit Jersey in Weblogic 12c laufen zu erreichen.Jersey Rest Service mit HTTP-Basis-Sicherheit nicht unter Benutzer
ich diese Tutorials gefunden haben, die über sehr nahe, was ich will:
https://github.com/JohnathanMarkSmith/springmvc-rest-secured-test
ich Weblogic 12c verwende, ist diese meine Frühling xml Sicherheit:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<global-method-security pre-post-annotations="enabled"/>
<!-- Stateless RESTful services use BASIC authentication -->
<http create-session="stateless"
pattern="/rest/**"
authentication-manager-ref="myAuthenticationManager">
<intercept-url pattern="/rest/**" access="ROLE_REST"/>
<http-basic/>
</http>
<authentication-manager alias="myAuthenticationManager">
<authentication-provider ref="myAuthenticationProvider">
</authentication-provider>
</authentication-manager>
<beans:bean id="myAuthenticationProvider"
class="com.siman.store.mobile.service.security.AuthLdapSiman" />
</beans:beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.container.servlet.ServletContainer
</servlet-class>
<!-- Paquete en el que estan servicios -->
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.siman.rms.ipow.web.service.rest</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.siman.rms.ipow</groupId>
<artifactId>rms-ipow-service</artifactId>
<version>1.0.0</version>
<packaging>war</packaging>
<name>rms-ipow-service</name>
<properties>
<endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
</properties>
<dependencies>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId>
<version>6.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.16</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-server</artifactId>
<version>1.19</version>
</dependency>
<dependency>
<groupId>com.sun.jersey</groupId>
<artifactId>jersey-json</artifactId>
<version>1.8</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.6</source>
<target>1.6</target>
<compilerArguments>
<endorseddirs>${endorsed.dir}</endorseddirs>
</compilerArguments>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-ejb-plugin</artifactId>
<version>2.3</version>
<configuration>
<ejbVersion>3.1</ejbVersion>
<clientIncludes>
<archive>log4j.properties</archive>
</clientIncludes>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.1</version>
<executions>
<execution>
<phase>validate</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<outputDirectory>${endorsed.dir}</outputDirectory>
<silent>true</silent>
<artifactItems>
<artifactItem>
<groupId>javax</groupId>
<artifactId>javaee-endorsed-api</artifactId>
<version>6.0</version>
<type>jar</type>
</artifactItem>
</artifactItems>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
Die Konfiguration zumindest es funktioniert, aber ich weiß nicht, warum nicht arbeitet daran, die ‚Authentifizierung-Anbieter‘ habe ich das Beispiel getestet, die ich in der Github mantioned haben Projekt, aber es läuft in einem Kater.
Wenn ich die URL in einem Browser getestet:
http://localhost:7003/store-mobile-service/rest/some
es fordert den http-Authentifizierung Dialog, aber es nimmt nicht die Benutzer ich auf die Form geben, die Protokolle angezeigt:
2016-06-28 11:18:14 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/rest/some'; against '/rest/**'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 2 of 7 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 3 of 7 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 4 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 5 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-06-28 11:18:14 DEBUG AnonymousAuthenticationFilter:102 - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff4c9c: RemoteIpAddress: 192.168.24.79; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-06-28 11:18:14 DEBUG FilterChainProxy:337 - /rest/some at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-06-28 11:18:14 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/rest/some'; against '/rest/**'
2016-06-28 11:18:14 DEBUG FilterSecurityInterceptor:194 - Secure object: FilterInvocation: URL: /rest/some; Attributes: [ROLE_REST]
2016-06-28 11:18:14 DEBUG FilterSecurityInterceptor:310 - Previously Authenticated: org.sprin[email protected]6faa3d44: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]ffff4c9c: RemoteIpAddress: 192.168.24.79; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-06-28 11:18:14 DEBUG AffirmativeBased:65 - Voter: [email protected], returned: -1
2016-06-28 11:18:14 DEBUG AffirmativeBased:65 - Voter: [email protected]fde, returned: 0
2016-06-28 11:18:14 DEBUG ExceptionTranslationFilter:165 - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3367)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
2016-06-28 11:18:14 DEBUG ExceptionTranslationFilter:185 - Calling Authentication entry point.
2016-06-28 11:18:14 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed