借助ContainerResponseFilter的帮助,我可以将CORS标头应用于所有传出响应,并且通过ExceptionMapper可以在所有错误和异常上执行相同操作,但是Picketbox/Undertow在Wildfly中应该抛出任何身份验证相关的异常时都不会被捕获。无论我尝试什么,我的ExceptionMapper都从未捕获它,因此前端无法读取401状态,因为响应没有附加CORS标头(XHR HTTP状态代码变为0)。
我正在使用this PBKDF2设置来对MySQL数据库进行身份验证,一开始我认为由于身份验证在单独的模块中运行,所以可能没有被我的应用程序捕获,但即使将所有身份验证代码移动到我的应用程序中,我仍然遇到了同样的问题。
这是我在尝试使用错误密码进行身份验证时得到的日志条目(当我根本没有发送凭据时,我得到非常相似的结果):
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000224: End getAppConfigurationEntry(PBKDF2DatabaseDomain), AuthInfo: AppConfigurationEntry[]: [0] LoginModule Class: com.example.myapplication.security.SaltedDatabaseServerLoginModule ControlFlag: LoginModuleControlFlag: required Options: name=dsJndiName, value=java:/user name=principalsQuery, value=SELECT
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000236: Begin initialize method 2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000262: Module options [dsJndiName: java:/user, principalsQuery: SELECT
这是我的ExceptionMapper类(目前设置为捕获所有Throwables,希望使其工作):
我该怎么做才能捕获这些身份验证异常并在它们上面添加CORS呢?
我正在使用this PBKDF2设置来对MySQL数据库进行身份验证,一开始我认为由于身份验证在单独的模块中运行,所以可能没有被我的应用程序捕获,但即使将所有身份验证代码移动到我的应用程序中,我仍然遇到了同样的问题。
这是我在尝试使用错误密码进行身份验证时得到的日志条目(当我根本没有发送凭据时,我得到非常相似的结果):
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000224: End getAppConfigurationEntry(PBKDF2DatabaseDomain), AuthInfo: AppConfigurationEntry[]: [0] LoginModule Class: com.example.myapplication.security.SaltedDatabaseServerLoginModule ControlFlag: LoginModuleControlFlag: required Options: name=dsJndiName, value=java:/user name=principalsQuery, value=SELECT
Hash
FROM account
WHERE ID=?
name=rolesQuery, value=SELECT Role
, 'Roles' FROM account WHERE account
.ID
=?2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000236: Begin initialize method 2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000262: Module options [dsJndiName: java:/user, principalsQuery: SELECT
Hash
FROM account
WHERE ID=?, rolesQuery: SELECT Role
, 'Roles' FROM account WHERE account
.ID
=?, suspendResume: true]
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000240: Begin login method
2014-11-29 16:11:08,053 TRACE [org.jboss.security] (default task-4) PBOX000263: Executing query SELECT Hash
FROM account
WHERE ID=? with username 1@2.se
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000283: Bad password for username 1@2.com
2014-11-29 16:11:08,062 TRACE [org.jboss.security] (default task-4) PBOX000244: Begin abort method
2014-11-29 16:11:08,062 DEBUG [org.jboss.security] (default task-4) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.21.Beta1.jar:4.0.21.Beta1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_25]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_25]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_25]
at java.lang.reflect.Method.invoke(Method.java:483) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_25]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_25]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_25]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.21.Beta1.jar:4.0.21.Beta1]
at org这是我的ExceptionMapper类(目前设置为捕获所有Throwables,希望使其工作):
@Provider
public class NotAuthorizedExceptionMapper implements ExceptionMapper<Throwable>{
@Override
public Response toResponse(Throwable exception) {
Response response = Response.status(Response.Status.UNAUTHORIZED).build();
response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
response.getHeaders().putSingle("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, allow, content-length, date, last-modified");
return response;
}
我该怎么做才能捕获这些身份验证异常并在它们上面添加CORS呢?