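WebLogic Provider
Anyone who has worked on OAM and OID projects knows that integrating OAM and OID requires configuring Providers in WebLogic's Security Realms. So what is a Provider? In business systems, authentication and authorization are always the most complex part, as shown by:
- The variety of authentication protocols, such as OAuth2 and SAML
- The variety of authentication methods, such as two-factor authentication and CAPTCHA verification
- The variety of authentication policies: when there are multiple authentication sources the policy can differ. One failure can fail the whole login, or a single success can be enough for the login to pass
- The need for custom authentication, which is quite common in enterprises: when some systems went live there were no corresponding standards yet, so everything was developed in-house
- The variety of password verification policies: most systems store passwords irreversibly. If the passwords were not stored in a service such as LDAP from the start, the original passwords cannot be recovered when the system is upgraded later, so a custom password verification policy is needed.
In short, authentication is not as simple as checking a username and password, so WebLogic provides different Providers for different authentication scenarios. As a mature commercial server, WebLogic naturally covers most authentication scenarios. Taking WebLogic 11g as an example, it includes the following Providers: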
- SAML2IdentityAsserter
- X3gppAssertedIdentityAsserter
- X3gppAssertedIdentityStrictAsserter
- DBMSDigestIdentityAsserter
- IdentityAssertionAuthenticator
- IdentityHeaderAsserter
- LdapDigestIdentityAsserter
- PAssertedIdentityAsserter
- PAssertedIdentityStrictAsserter
- CrossTenantAuthenticator
- TrustServiceIdentityAsserter
- OSSOIdentityAsserter
- OAMIdentityAsserter
- OAMAuthenticator
- ActiveDirectoryAuthenticator
- CustomDBMSAuthenticator
- DefaultAuthenticator
- DefaultIdentityAsserter
- IPlanetAuthenticator
- LDAPAuthenticator
- LDAPX509IdentityAsserter
- NegotiateIdentityAsserter
- NovellAuthenticator
- OpenLDAPAuthenticator
- OracleInternetDirectoryAuthenticator
- OracleVirtualDirectoryAuthenticator
- ReadOnlySQLAuthenticator
- SQLAuthenticator
- WindowsNTAuthenticator
- SAMLAuthenticator
- SAMLIdentityAsserter
- SAMLIdentityAsserterV2
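Looking at the list above, we find two kinds of Provider:
- xxxAsserter
- xxxAuthenticator
So what is the difference between the two? Understanding it is very important. When you enter a residential compound, you can walk straight in if you carry your access card; if you do not, you have to prove that you are a resident, perhaps by providing your ID card, phone number and similar information. In the same way, a request that reaches the system carrying a token or cookie needs an Asserter to perform authentication and authorization, while a login with a username and password needs an Authenticator. In short, an Asserter looks at the token and an Authenticator looks at the password. Anyone who has configured OAM single sign-on knows that it requires configuring two things:
- Configure OAMIdentityAsserter
- Configure OracleInternetDirectoryAuthenticator
So the question is: why is OracleInternetDirectoryAuthenticator still needed when OAMIdentityAsserter is already there? After the user logs in on the login page, all subsequent requests are authenticated and authorized by OAMIdentityAsserter parsing the OAM information, so what is the Authenticator for? The user information an Asserter can obtain is limited: it can only parse limited user information out of the token, usually just the user ID. Checking whether the user exists, or obtaining more user information, requires the Authenticator.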
JAAS
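JAAS (Java Authentication and Authorization Service) is the standard user authentication and authorization model that Java ships in the JDK (under the javax.security.auth package). Simply put, JAAS provides a set of interfaces; different authentication methods implement these interfaces and can then be integrated into Java applications as plug-ins. The JAAS architecture diagram is as follows.
There are several important concepts in JAAS:
- Subject
A Subject represents the requester, which may be a person or a device.
- Principal
A Principal is associated with a Subject. As mentioned above, the Subject represents the requester; it is easier to think of it as the logged-in user. The Principal is then the user's account: the user may have logged in with a mobile number or with an email address. A Subject can have multiple Principals.
- LoginContext
LoginContext is the authentication context. It provides a set of authentication methods, is responsible for invoking the concrete authentication implementation (LoginModule), and returns the Subject after successful authentication.
- LoginModule
The concrete authentication implementation. Its login method implements the login logic and stores the result; its commit method finally commits the Subject to the context.
- CallbackHandler
When a LoginModule needs authentication information such as the username and password, it calls the CallbackHandler to return it. In a GUI application, the CallbackHandler might pop up a window for the user to enter the username and password.
- Callback
The user information a LoginModule needs is called a Callback. For example, to get the username from the CallbackHandler it creates a NameCallback, and to get the password it creates a PasswordCallback. The CallbackHandler returns the user information according to the type of the Callback.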
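The call sequence described above, as an added example that is not from the original article: a LoginContext drives a LoginModule, which obtains the name through a NameCallback and commits a Principal to the Subject. JaasFlowDemo, DemoLoginModule and UserPrincipal are hypothetical names, the user helen is a constructed sample, and the record syntax needs Java 16 or later.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class JaasFlowDemo {
    /** Principal: one account name attached to a Subject (hypothetical type). */
    record UserPrincipal(String name) implements Principal { public String getName() { return name; } }

    /** LoginModule: obtains the name through a Callback, then commits it to the Subject. */
    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private UserPrincipal pending;

        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject; this.handler = handler;
        }
        public boolean login() throws LoginException {
            NameCallback nameCallback = new NameCallback("user: ");
            try {
                handler.handle(new Callback[] { nameCallback });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException(e.toString());
            }
            if (nameCallback.getName() == null || nameCallback.getName().isEmpty())
                throw new FailedLoginException("no user name supplied");
            pending = new UserPrincipal(nameCallback.getName()); // not yet on the Subject
            return true;
        }
        public boolean commit() {
            if (pending != null) subject.getPrincipals().add(pending);
            return pending != null;
        }
        public boolean abort() { pending = null; return true; }
        public boolean logout() { subject.getPrincipals().remove(pending); return true; }
    }

    /** LoginContext -> LoginModule -> CallbackHandler -> Subject, for an asserted name. */
    static Subject authenticate(String assertedUser) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof NameCallback))
                    throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
                ((NameCallback) cb).setName(assertedUser);
            }
        };
        // Programmatic Configuration, so the demo needs no JAAS config file.
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                    Map.<String, Object>of()) };
            }
        };
        LoginContext context = new LoginContext("demo", new Subject(), handler, config);
        context.login();
        return context.getSubject();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(authenticate("helen").getPrincipals()); // constructed user
    }
}
```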
Project background
A project needs to replace OAM with another product without modifying the applications, so that the switch is seamless. The applications are deployed on WebLogic and integrate OAM and OID through OAMIdentityAsserter and OracleInternetDirectoryAuthenticator to implement single sign-on. Part of the application configuration is as follows:
- web.xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecurePages</web-resource-name>
        <description>These pages are only accessible by authorized users.</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>These are the roles who have access.</description>
        <role-name>ValidUser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>This is how the user data must be transmitted.</description>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>myrealm</realm-name>
</login-config>
<security-role>
    <description>These are the roles who have access.</description>
    <role-name>ValidUser</role-name>
</security-role>
- weblogic.xml
<wls:security-role-assignment>
    <wls:role-name>ValidUser</wls:role-name>
    <wls:principal-name>users</wls:principal-name>
</wls:security-role-assignment>
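Note the login-config setting <auth-method>CLIENT-CERT</auth-method> in web.xml. This setting means the application obtains the user information from the context, that is, from the getUserPrincipal method of HttpServletRequest.
Implementation approach
To switch without touching the application code, we have to implement functionality similar to OAMIdentityAsserter, that is, develop a custom Asserter. For the application, as long as the Asserter has authenticated the request, the user information can still be obtained from the context.
Developing a custom Provider
Next we develop our own Provider to meet the following requirement: if the HTTP header contains YUFU_REMOTE_USER, its value is the user ID and the request is treated as already authenticated, the same mechanism as OAM's OAM_REMOTE_USER.
You may think this authentication mechanism is too naive and easily leads to security problems. The precondition of this approach is therefore that a reverse proxy belonging to the authentication center sits in front of the application, and users must not be able to bypass the authentication center to reach it; the requests can be isolated at the firewall level.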
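One way to enforce that precondition inside the server as well, as an added example (not the article's code): accept the header value only when the connection comes from the authentication proxy and the value is a well-formed user ID. HeaderAssertionGuard, the proxy address 10.0.0.5 and the user-ID pattern are assumptions, and the caller is assumed to pass in the TCP peer address of the request.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper: checks to run before trusting a proxy-supplied identity header. */
public class HeaderAssertionGuard {
    // Assumption: user IDs are short ASCII names; adjust to the directory's real format.
    private static final Pattern USER_ID = Pattern.compile("[A-Za-z0-9._@-]{1,64}");
    private final Set<String> trustedProxies;

    public HeaderAssertionGuard(Set<String> trustedProxies) {
        this.trustedProxies = Set.copyOf(trustedProxies);
    }

    /** Returns the user ID, or throws if the header must not be trusted. */
    public String acceptedUser(String peerAddress, byte[] headerValue) {
        // 1. Only the authentication proxy may assert an identity. The proxy must also
        //    overwrite any client-sent YUFU_REMOTE_USER header; this class cannot see that.
        if (peerAddress == null || !trustedProxies.contains(peerAddress)) {
            throw new SecurityException("identity header from untrusted peer " + peerAddress);
        }
        if (headerValue == null || headerValue.length == 0) {
            throw new SecurityException("empty identity header");
        }
        // 2. Decode strictly as UTF-8 instead of relying on the platform charset.
        String user;
        try {
            user = StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(headerValue)).toString();
        } catch (CharacterCodingException e) {
            throw new SecurityException("identity header is not valid UTF-8");
        }
        // 3. Reject control characters, separators and over-long values.
        if (!USER_ID.matcher(user).matches()) {
            throw new SecurityException("malformed user id in identity header");
        }
        return user;
    }

    public static void main(String[] args) {
        // Constructed sample values: 10.0.0.5 stands for the reverse proxy.
        HeaderAssertionGuard guard = new HeaderAssertionGuard(Set.of("10.0.0.5"));
        byte[] header = "helen".getBytes(StandardCharsets.UTF_8);
        System.out.println("accepted: " + guard.acceptedUser("10.0.0.5", header));
        try {
            guard.acceptedUser("192.168.1.77", header); // direct client, not the proxy
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```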
A Provider is implemented as a WebLogic MBean, so the development process is basically the same as for an MBean.
- Create the MBean description file
YufuSSOIdentityAsserter.xml
<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">
<MBeanType
    Name="YufuSSOIdentityAsserter"
    DisplayName="YufuSSOIdentityAsserter"
    Package="com.yufu.plugin.weblogic"
    Extends="weblogic.management.security.authentication.IdentityAsserter"
    PersistPolicy="OnUpdate">
    <MBeanAttribute
        Name="ProviderClassName"
        Type="java.lang.String"
        Writeable="false"
        Preprocessor="weblogic.management.configuration.LegalHelper.checkClassName(value)"
        Default="&quot;com.yufu.plugin.weblogic.YufuSSOIdentityAsserterProviderImpl&quot;" />
    <MBeanAttribute
        Name="Description"
        Type="java.lang.String"
        Writeable="false"
        Default="&quot;得帆云weblogic认证插件&quot;" />
    <MBeanAttribute
        Name="Version"
        Type="java.lang.String"
        Writeable="false"
        Default="&quot;1.0&quot;" />
    <MBeanAttribute
        Name="SupportedTypes"
        Type="java.lang.String[]"
        Writeable="false"
        Default="new String[] { &quot;YUFU_REMOTE_USER&quot; }" />
    <MBeanAttribute
        Name="ActiveTypes"
        Type="java.lang.String[]"
        Default="new String[] { &quot;YUFU_REMOTE_USER&quot; }" />
    <MBeanAttribute
        Name="Base64DecodingRequired"
        Type="boolean"
        Writeable="false"
        Default="false"
        Description="See MyIdentityAsserter-doc.xml." />
</MBeanType>
This file mainly defines the Provider's implementation class and related configuration. Attributes defined here are shown in the console when WebLogic creates the Provider. SupportedTypes lists the supported token types, which here means the token name, i.e. the HTTP header name; ActiveTypes lists the token types selected by default.
- Prepare the following three Java files
YufuSSOIdentityAsserterProviderImpl.java
package com.yufu.plugin.weblogic;

import java.util.HashMap;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import weblogic.management.security.ProviderMBean;
import weblogic.security.provider.PrincipalValidatorImpl;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.*;

public final class YufuSSOIdentityAsserterProviderImpl implements AuthenticationProviderV2, IdentityAsserterV2 {
    final static private String TOKEN_TYPE = "YUFU_REMOTE_USER";
    private String description;
    private LoginModuleControlFlag controlFlag;

    public void initialize(ProviderMBean mbean, SecurityServices services) {
        System.out.println("插件初始化");
        YufuSSOIdentityAsserterMBean asserterBean = (YufuSSOIdentityAsserterMBean) mbean;
        description = asserterBean.getDescription() + "\n" + asserterBean.getVersion();
        controlFlag = LoginModuleControlFlag.SUFFICIENT;
    }

    /**
     * Core authentication logic
     *
     * @param type    token name
     * @param token   token value (a byte[])
     * @param context
     * @return
     * @throws IdentityAssertionException
     */
    public CallbackHandler assertIdentity(String type, Object token, ContextHandler context) throws IdentityAssertionException {
        System.out.println("\tType\t\t= " + type);
        System.out.println("\tToken\t\t= " + token);
        this.validate(type, token);
        byte[] tokenBytes = (byte[]) token;
        if (tokenBytes == null || tokenBytes.length < 1) {
            String error = "received empty token byte array";
            throw new IdentityAssertionException(error);
        }
        // The header value is used directly as the user name
        String userName = new String(tokenBytes);
        return new YufuSSOCallbackHandlerImpl(userName);
    }

    private void validate(String type, Object token) throws IdentityAssertionException {
        if (!(TOKEN_TYPE.equals(type))) {
            String error = "unknown token type \"" + type + "\"." + " Expected " + TOKEN_TYPE;
            throw new IdentityAssertionException(error);
        }
        if (!(token instanceof byte[])) {
            // A null token has no class, so report it without calling getClass()
            String tokenClass = (token == null) ? "null" : String.valueOf(token.getClass());
            String error = "received unknown token class \"" + tokenClass + "\"." + " Expected a byte[].";
            System.out.println("\tError: " + error);
            throw new IdentityAssertionException(error);
        }
    }

    public AppConfigurationEntry getLoginModuleConfiguration() {
        HashMap options = new HashMap();
        return getConfiguration(options);
    }

    /**
     * Defines the LoginModule implementation class
     *
     * @param options
     * @return
     */
    private AppConfigurationEntry getConfiguration(HashMap options) {
        return new AppConfigurationEntry(
                "com.yufu.plugin.weblogic.YufuSSOLoginModuleImpl",
                controlFlag,
                options
        );
    }

    public AppConfigurationEntry getAssertionModuleConfiguration() {
        HashMap options = new HashMap();
        options.put("IdentityAssertion", "true");
        return getConfiguration(options);
    }

    public PrincipalValidator getPrincipalValidator() {
        return new PrincipalValidatorImpl();
    }

    public String getDescription() {
        return description;
    }

    public void shutdown() {
    }

    public IdentityAsserterV2 getIdentityAsserter() {
        return this;
    }
}
YufuSSOLoginModuleImpl.java
package com.yufu.plugin.weblogic;

import java.io.IOException;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import weblogic.security.principal.WLSGroupImpl;
import weblogic.security.principal.WLSUserImpl;

final public class YufuSSOLoginModuleImpl implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private boolean loginSucceeded;
    private boolean principalsInSubject;
    private Vector principalsForSubject = new Vector();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        System.out.println("YufuSSOLoginModuleImpl.initialize");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Login logic
     * @return
     * @throws LoginException
     */
    public boolean login() throws LoginException {
        System.out.println("插件校验登录");
        Callback[] callbacks = getCallbacks();
        String userName = getUserName(callbacks);
        loginSucceeded = true;
        principalsForSubject.add(new WLSUserImpl(userName));
        addGroupsForSubject(userName);
        return loginSucceeded;
    }

    /**
     * Confirms a successful login
     *
     * @return
     * @throws LoginException
     */
    public boolean commit() throws LoginException {
        if (loginSucceeded) {
            subject.getPrincipals().addAll(principalsForSubject);
            principalsInSubject = true;
            return true;
        } else {
            return false;
        }
    }

    public boolean abort() throws LoginException {
        if (principalsInSubject) {
            subject.getPrincipals().removeAll(principalsForSubject);
            principalsInSubject = false;
        }
        return true;
    }

    public boolean logout() throws LoginException {
        return true;
    }

    private void throwLoginException(String msg) throws LoginException {
        throw new LoginException(msg);
    }

    private Callback[] getCallbacks() throws LoginException {
        if (callbackHandler == null) {
            throwLoginException("短少callback处理器");
        }
        Callback[] callbacks = new Callback[1];
        // The array must hold a NameCallback for the handler to fill in;
        // a null slot would be rejected by the handler
        callbacks[0] = new NameCallback("username: ");
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throwLoginException(e.toString() + " " + e.getCallback().toString());
        }
        return callbacks;
    }

    private String getUserName(Callback[] callbacks) throws LoginException {
        String userName = ((NameCallback) callbacks[0]).getName();
        if (userName == null) {
            throwLoginException("Username为空.");
        }
        return userName;
    }

    // Every asserted user is placed in the same fixed group
    private void addGroupsForSubject(String userName) {
        String groupName = "YufuPerimeterAtnUsers";
        System.out.println("\tgroupName\t= " + groupName);
        principalsForSubject.add(new WLSGroupImpl(groupName));
    }
}
YufuSSOCallbackHandlerImpl.java
package com.yufu.plugin.weblogic;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

class YufuSSOCallbackHandlerImpl implements CallbackHandler {
    private String userName;

    YufuSSOCallbackHandlerImpl(String user) {
        userName = user;
    }

    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            Callback callback = callbacks[i];
            if (!(callback instanceof NameCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
            }
            NameCallback nameCallback = (NameCallback) callback;
            nameCallback.setName(userName);
        }
    }
}
- Prepare the Ant build file
build.xml
<project name="Expenselink Build" default="all" basedir=".">
    <property name="fileDir" value="test" />
    <target name="all" depends="build"/>
    <target name="build" depends="clean,build.mdf,build.mjf"/>
    <target name="clean">
        <delete dir="${fileDir}" failonerror="false"/>
        <delete file="YufuSSOIdentityAsserter.jar" failonerror="false"/>
        <echo message="Clean finish" />
    </target>
    <!-- helper to build an MDF (mbean definition file) -->
    <target name="build.mdf">
        <java dir="${basedir}" fork="false" classname="weblogic.management.commo.WebLogicMBeanMaker">
            <arg line="-files ${fileDir}" />
            <arg value="-createStubs" />
            <arg line="-MDF YufuSSOIdentityAsserter.xml" />
        </java>
        <echo message="Created Supporting Classes" />
    </target>
    <target name="build.mjf">
        <copy todir="${fileDir}" flatten="true">
            <fileset dir=".">
                <include name="*.java" />
            </fileset>
        </copy>
        <java dir="${basedir}" fork="false" classname="weblogic.management.commo.WebLogicMBeanMaker">
            <arg line="-MJF YufuSSOIdentityAsserter.jar" />
            <arg line="-files ${fileDir}" />
        </java>
        <echo message="Created Mbean Jar" />
    </target>
</project>
Upload these files to the WebLogic server
$ ll
-rw-r--r-- 1 oracle oinstall 1102 May 11 10:03 build.xml
-rw-r--r-- 1 oracle oinstall 890 May 11 09:58 YufuSSOCallbackHandlerImpl.java
-rw-r--r-- 1 oracle oinstall 3194 May 11 10:34 YufuSSOIdentityAsserterProviderImpl.java
-rw-r--r-- 1 oracle oinstall 1576 May 11 09:58 YufuSSOIdentityAsserter.xml
-rw-r--r-- 1 oracle oinstall 4585 May 11 09:58 YufuSSOLoginModuleImpl.java
Copy the file $MIDDLEWARE_HOME/wlserver_10.3/server/lib/mbeantypes/commo.dtd into the current directory
$ ll
-rw-r--r-- 1 oracle oinstall 1102 May 11 10:03 build.xml
-rw-r--r-- 1 oracle oinstall 7993 May 11 09:58 commo.dtd
-rw-r--r-- 1 oracle oinstall 890 May 11 09:58 YufuSSOCallbackHandlerImpl.java
-rw-r--r-- 1 oracle oinstall 3194 May 11 10:34 YufuSSOIdentityAsserterProviderImpl.java
-rw-r--r-- 1 oracle oinstall 1576 May 11 09:58 YufuSSOIdentityAsserter.xml
-rw-r--r-- 1 oracle oinstall 4585 May 11 09:58 YufuSSOLoginModuleImpl.java
- Set up the WebLogic environment
cd $MIDDLEWARE_HOME/user_projects/domains/portal_domain/bin/
. ./setDomainEnv.sh
Running setDomainEnv.sh sets up the WebLogic environment, so that the WebLogic dependency jars can be found by the scripts executed afterwards.
MIDDLEWARE_HOME: the middleware directory, for example /u01/Middleware
The second line of the command starts with a dot (.), which must not be omitted.
- Run the ant command in the directory containing build.xml
$ ll
total 36
-rw-r--r-- 1 oracle oinstall 1102 May 11 10:03 build.xml
-rw-r--r-- 1 oracle oinstall 7993 May 11 09:58 commo.dtd
drwxr-xr-x 2 oracle oinstall 4096 May 11 13:00 src
-rw-r--r-- 1 oracle oinstall 890 May 11 09:58 YufuSSOCallbackHandlerImpl.java
-rw-r--r-- 1 oracle oinstall 3194 May 11 10:34 YufuSSOIdentityAsserterProviderImpl.java
-rw-r--r-- 1 oracle oinstall 1576 May 11 09:58 YufuSSOIdentityAsserter.xml
-rw-r--r-- 1 oracle oinstall 4585 May 11 09:58 YufuSSOLoginModuleImpl.java
$ ant
Buildfile: build.xml
clean:
   [delete] Deleting directory /data/Middleware/user_projects/domains/portal_domain/assert/yufu/src
     [echo] Clean finish
build.mdf:
     [java] Working directory ignored when same JVM is used.
     [java] Parsing the MBean definition file: YufuSSOIdentityAsserter.xml
     [echo] Created Supporting Classes
build.mjf:
     [copy] Copying 3 files to /data/Middleware/user_projects/domains/portal_domain/assert/yufu/src
     [java] Working directory ignored when same JVM is used.
     [java] Creating an MJF from the contents of directory src...
     [java] Compiling the files...
     [java] Creating the list.
     [java] Doing the compile.
.....
build:
all:
BUILD SUCCESSFUL
Total time: 5 seconds
After a successful build, a jar file is generated locally. Copy this file to the following directory:
cp YufuSSOIdentityAsserter.jar $MIDDLEWARE_HOME/wlserver_10.3/server/lib/mbeantypes/
WebLogic ships with its own Ant, located in the $MIDDLEWARE_HOME/modules/org.apache.ant_1.7.1 directory. You can add the following to the user's .bash_profile:
ANT_HOME=/data/Middleware/modules/org.apache.ant_1.7.1
PATH=$ANT_HOME/bin:$PATH
so that the ant command can be used directly.
- Restart all servers (AdminServer and the Managed Servers)
Configuring the Provider
Log in to the console and go to myrealm > Providers,
where the custom Asserter is now listed.
Click Save, then click Activate Changes to apply all changes.
- Problems encountered
You may run into the following error when activating.
The server log shows the following error:
<May 10, 2021 4:54:50 PM CST> <Error> <Console> <BEA-240003> <Console encountered the following error weblogic.management.provider.UpdateException: [Management:141191]The prepare phase of the configuration update failed with an exception:
    at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.updateDeploymentContext
    ...
Caused by: java.io.IOException: [Management:141245]Schema Validation Error in config/config.xml see log for details. Schema validation can be disabled by starting the server with the command line option: -Dweblogic.configuration.schemaValidationEnabled=false
    at weblogic.management.provider.internal.EditAccessImpl.checkErrors(EditAccessImpl.java:2340)
    at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.handleConfigTreeLoad(RuntimeAccessDeploymentReceiverService.java:968)
    at weblogic.management.provider.internal.RuntimeAccessDeploymentReceiverService.updateDeploymentContext(RuntimeAccessDeploymentReceiverService.java:599)>
This error occurs because, after the provider is configured, WebLogic writes the information to config/config.xml, and that file then fails schema validation. This is probably caused by a WebLogic bug. The workaround is to find this section in setDomainEnv.sh (around line 530):
JAVA_OPTIONS="${JAVA_OPTIONS}"
export JAVA_OPTIONS
and change it to
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.configuration.schemaValidationEnabled=false"
export JAVA_OPTIONS
Then restart all servers.
Verification
- Prepare a servlet with the following code
package com.demo.service;

import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SecurityServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Echo back the identity the container established for this request
        StringBuffer str = new StringBuffer();
        str.append("remoteUser:" + req.getRemoteUser() + "\r\n<br/>");
        String name = (req.getUserPrincipal() == null) ? null : req.getUserPrincipal().getName();
        str.append("Principal Name: " + name + "\r\n<br/>");
        str.append("Authentication Type: " + req.getAuthType() + "\n<br/>");
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("text/html; charset=UTF-8");
        resp.getOutputStream().write(str.toString().getBytes("utf-8"));
        resp.getOutputStream().flush();
    }
}
- web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee">
    <servlet>
        <servlet-name>security</servlet-name>
        <servlet-class>com.demo.service.SecurityServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>security</servlet-name>
        <url-pattern>/security</url-pattern>
    </servlet-mapping>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SecurePages</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ValidUser</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>myrealm</realm-name>
    </login-config>
    <security-role>
        <role-name>ValidUser</role-name>
    </security-role>
</web-app>
- weblogic.xml
<?xml version='1.0' encoding='UTF-8'?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.4/weblogic-web-app.xsd">
    <wls:security-role-assignment>
        <wls:role-name>ValidUser</wls:role-name>
        <wls:principal-name>users</wls:principal-name>
    </wls:security-role-assignment>
    <wls:context-root>/definetool</wls:context-root>
</wls:weblogic-web-app>
- Deploy
Package the application as a war and deploy it to WebLogic
- Test
➜ curl -v http://192.168.1.23:7001/definetool/security
* Trying 192.168.1.23...
* TCP_NODELAY set
* Connected to 192.168.1.23 (192.168.1.23) port 7001 (#0)
> GET /definetool/security HTTP/1.1
> Host: 192.168.1.23:7001
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
< Date: Tue, 11 May 2021 11:57:20 GMT
< Content-Length: 1468
< Content-Type: text/html; charset=UTF-8
<
Add the token (the token name, YUFU_REMOTE_USER, is defined in the configuration file)
➜ curl -v http://192.168.1.23:7001/definetool/security -H 'YUFU_REMOTE_USER:helen'
* Trying 192.168.1.23...
* TCP_NODELAY set
* Connected to 192.168.1.23 (192.168.1.23) port 7001 (#0)
> GET /definetool/security HTTP/1.1
> Host: 192.168.1.23:7001
> User-Agent: curl/7.54.0
> Accept: */*
> YUFU_REMOTE_USER:helen
>
< HTTP/1.1 200 OK
< Date: Tue, 11 May 2021 11:59:31 GMT
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=UTF-8
< X-ORACLE-DMS-ECID: c813593f0a2fd3cb:70daab41:17959480e1c:-8000-0000000000000034
< Set-Cookie: JSESSIONID=JNNbS-fvPiFe2u2upP13qyykiOvQ8IlLLLxd7m2_GSWEhlwUQlrd!686904248; path=/; HttpOnly
<
remoteUser:helen
<br/>Principal Name: helen
<br/>Authentication Type: CLIENT_CERT* Connection #0 to host 192.168.1.23 left intact
<br/>%
Verification passed
Source code
All the code has been pushed to GitLab; stars are welcome.