Wildfly 10 - 域模式下的身份验证失败

Question

我遇到了误会的情况.

我尝试在Ubuntu 16.04上设置Wildfly 10.1.0以在域模式下工作.为了测试我有额外的虚拟机.

基本系统:域控制器

虚拟机:主机控制器

一般来说,配置我正在使用wildfly文档,但它不能正常工作.

没有身份验证主机服务器可以连接到域控制器,但是当我想要使用身份验证时会出现问题 - 有一些我不理解的奇怪行为.

在域控制器上:

1. 在host-master.xml中设置所有内容
2. 使用以下选项创建管理用户:

用户:测试

密码:测试

此新用户是否将用于一个AS进程以连接到另一个AS进程？例如,对于连接到主服务器的从属主机控制器或用于服务器到服务器EJB调用的远程连接.是/否？是表示用户将以下内容添加到server-identityities定义secret value ="dGVzdA =="

3.server启动没有问题使用 domain.sh --host-config=host-master.xml

在主机控制器上:

1. 使用机密值设置host-slave.xml中的所有内容:

           <security-realm name="ManagementRealm">
               <server-identities>
                   <secret value="dGVzdA==" />
               </server-identities>
               <authentication>
                   <local default-user="$local" skip-group-loading="true"/>
                   <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
               </authentication>
               <authorization map-groups-to-roles="false">
                   <properties path="mgmt-groups.properties" relative-to="jboss.domain.config.dir"/>
               </authorization>
           </security-realm>
   

   2. 使用domain.sh启动服务器--host-config = host-slave.xml

当我启动服务器时获取以下错误:

*[主机控制器] 22:23:03,553 WARN [org.jboss.as.host.controller]**(控制器启动线程)WFLYHC0001:无法连接到远程域控制器远程://192.168.56.1:9999 - java .lang.IllegalStateException:WFLYHC0043:由于身份验证失败而无法连接.*

./domain.sh --host-config=host-slave.xml
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /home/test1/Warsztat/wildfly

  JAVA: java

  JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true

=========================================================================

22:22:59,931 INFO  [org.jboss.modules] (main) JBoss Modules version 1.5.2.Final
22:23:00,212 INFO  [org.jboss.as.process.Host Controller.status] (main) WFLYPC0018: Starting process 'Host Controller'
[Host Controller] 22:23:01,207 INFO  [org.jboss.modules] (main) JBoss Modules version 1.5.2.Final
[Host Controller] 22:23:01,521 INFO  [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
[Host Controller] 22:23:01,586 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) starting
[Host Controller] 22:23:02,624 INFO  [org.xnio] (MSC service thread 1-1) XNIO version 3.4.0.Final
[Host Controller] 22:23:02,634 INFO  [org.xnio.nio] (MSC service thread 1-1) XNIO NIO Implementation Version 3.4.0.Final
[Host Controller] 22:23:02,741 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /home/test1/Warsztat/wildfly/domain/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
[Host Controller] 22:23:02,752 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 4.0.21.Final
[Host Controller] 22:23:02,834 INFO  [org.jboss.as.remoting] (MSC service thread 1-1) WFLYRMT0001: Listening on 192.168.56.111:9999
[Host Controller] 22:23:03,553 WARN  [org.jboss.as.host.controller] **(Controller Boot Thread) WFLYHC0001: Could not connect to remote domain controller remote://192.168.56.1:9999 -- java.lang.IllegalStateException: WFLYHC0043: Unable to connect due to authentication failure.**
[Host Controller] 22:23:03,554 WARN  [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0147: No domain controller discovery options remain.
[Host Controller] 22:23:03,555 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0002: Could not connect to master. Aborting. Error was: java.lang.IllegalStateException: WFLYHC0120: Tried all domain controller discovery option(s) but unable to connect
[Host Controller] 22:23:03,556 FATAL [org.jboss.as.host.controller] (Controller Boot Thread) WFLYHC0178: Aborting with exit code 99
[Host Controller] 22:23:03,603 INFO  [org.jboss.as] (MSC service thread 1-2) WFLYSRV0050: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) stopped in 22ms
[Host Controller] 
22:23:04,063 INFO  [org.jboss.as.process.Host Controller.status] (reaper for Host Controller) WFLYPC0011: Process 'Host Controller' finished with an exit status of 99
22:23:04,066 INFO  [org.jboss.as.process] (Thread-8) WFLYPC0017: Shutting down process controller
22:23:04,066 INFO  [org.jboss.as.process] (Thread-8) WFLYPC0016: All processes finished; exiting

但是,如果我在主机控制器上将name ="test"添加到host-slave.xml文件,如下所示(名称必须与在域控制器中创建的用户管理相同),它可以工作!

<host xmlns="urn:jboss:domain:4.2" name="test">

我完全不理解它,我找不到任何解释那种情况？任何机构都知道我为什么要添加name ="test"？

Answer 1

好的 - 我找到了解释.

在Security Realms文档中,有关如何为身份验证定义自己的用户名的信息:

默认情况下,当从属主机控制器对主域控制器进行身份验证时,它将使用其配置的名称作为其用户名.如果要覆盖用于身份验证的用户名,可以将username属性添加到元素中.

在我的情况下,我必须添加如下的用户名:

<domain-controller>
        <remote security-realm="ManagementRealm" username="atest">
            <discovery-options>
                <static-discovery name="primary" protocol="${jboss.domain.master.protocol:remote}" host="${jboss.domain.master.address:192.168.56.1}" port="${jboss.domain.master.port:9999}"/>
            </discovery-options>
        </remote>
</domain-controller>

现在我可以自由设置名称.