I seem to run into this error every time I try and get certificate logins working in JBoss, at work or at home I always run into it. Any advice appreciated.
Added to conf/jboss-service.xml:
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=SecurityDomain">
  <constructor>
    <arg type="java.lang.String" value="fizio"></arg>
  </constructor>
  <attribute name="KeyStoreURL">resource:server.keystore</attribute>
  <attribute name="KeyStorePass">password</attribute>
  <depends>jboss.security:service=JaasSecurityManager</depends>
</mbean>
Added to conf/login-config.xml:
<application-policy name="fizio">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="securityDomain">java:/jaas/fizio</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/FizioDS</module-option>
      <module-option name="principalsQuery">SELECT password FROM physio WHERE username=?</module-option>
      <module-option name="rolesQuery">SELECT role, 'Roles' FROM role WHERE username=?</module-option>
    </login-module>
  </authentication>
</application-policy>
jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/fizio</security-domain>
  <context-root>/jsf-web</context-root>
</jboss-web>
Relevant output from server.log:
08:52:11,436 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(fizio), size=13
08:52:11,436 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(fizio), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.BaseCertLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=securityDomain, value=java:/jaas/fizio
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=principalsQuery, value=SELECT password FROM physio WHERE username=?
name=dsJndiName, value=java:/FizioDS
name=rolesQuery, value=SELECT role, 'Roles' FROM role WHERE username=?
08:52:11,442 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] initialize
08:52:11,442 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] Security domain: fizio
08:52:11,443 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] securityDomain=java:/jaas/fizio
08:52:11,444 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] found domain: org.jboss.security.plugins.JaasSecurityDomain
08:52:11,444 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] exit: initialize(Subject, CallbackHandler, Map, Map)
08:52:11,445 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] enter: login()
08:52:11,445 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] login
08:52:11,446 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] enter: getAliasAndCert()
08:52:11,447 WARN [org.jboss.security.auth.spi.BaseCertLoginModule] Don't know how to obtain X509Certificate from: class java.lang.String
08:52:11,458 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
08:52:11,461 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: fizio
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/FizioDS
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=SELECT password FROM physio WHERE username=?
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=SELECT role, 'Roles' FROM role WHERE username=?
08:52:11,462 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
08:52:11,465 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
08:52:11,466 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
08:52:11,503 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT password FROM physio WHERE username=?, with username: rich
08:52:11,514 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
08:52:11,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
08:52:11,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'rich' authenticated, loginOk=true
08:52:11,517 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.fizio] Login failure: javax.security.auth.login.LoginException: Don't know how to obtain X509Certificate from: class java.lang.String
You have to turn on password stacking on the BaseCertLoginModule or else it will try to use the certificate as the user name as the login on the database:
<module-option name="password-stacking">useFirstPass</module-option>
Link: http://docs.jboss.org/jbossas/docs/Server_Configuration_Guide/4/html/Using_JBoss_Login_Modules-Password_Stacking.html
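Added example (not part of the original question or answer): a small Python triage of server.log lines like the ones quoted above. It reports each login module's outcome, the credential type that BaseCertLoginModule rejected, and the overall result of the stack. The sample lines are constructed from the shape of the log in the question; `triage` and its report keys are names made up for this example.

```python
import re

# Constructed sample, shaped like the TRACE output quoted in the question.
SAMPLE_LOG = """\
08:52:11,445 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] login
08:52:11,447 WARN [org.jboss.security.auth.spi.BaseCertLoginModule] Don't know how to obtain X509Certificate from: class java.lang.String
08:52:11,465 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
08:52:11,516 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'rich' authenticated, loginOk=true
08:52:11,517 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
08:52:11,518 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.fizio] Login failure: javax.security.auth.login.LoginException: Don't know how to obtain X509Certificate from: class java.lang.String
"""

# timestamp, level, [logger category], message
LINE = re.compile(r"^(\d\d:\d\d:\d\d,\d{3})\s+(\w+)\s+\[([\w.$]+)\]\s+(.*)$")
BAD_CRED = re.compile(r"Don't know how to obtain X509Certificate from: class ([\w.$]+)")

def triage(log_text):
    """Summarise one JAAS login attempt: per-module outcome and overall result."""
    modules = {}  # short class name -> "started" | "ok" | "failed"
    report = {"modules": modules, "credential_type": None, "overall": "unknown"}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines of the configuration dump
        _, level, category, msg = m.groups()
        name = category.rsplit(".", 1)[-1]
        if name.endswith("LoginModule"):
            if msg == "login":
                modules.setdefault(name, "started")
            elif "loginOk=true" in msg:
                modules[name] = "ok"
            elif level in ("WARN", "ERROR"):
                modules[name] = "failed"
        bad = BAD_CRED.search(msg)
        if bad:
            # Runtime class of the credential the certificate module was handed
            report["credential_type"] = bad.group(1)
        if msg.startswith("Login failure:"):
            report["overall"] = "failed"
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Both modules are configured with `flag="required"`, so the failure in BaseCertLoginModule fails the whole login even though DatabaseServerLoginModule authenticated the user.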