javax.ejb.EJBAccessException 使用 CustomAuthMechanism 登录后用户无效,但我有权 page.xhtml
javax.ejb.EJBAccessException Invalid User after log in with CustomAuthMechanism but I have permissions to page.xhtml
环境:
- Jboss 7.2
- Java11
我尝试在通过 CustomAuthenticationMechanism 登录后使用 @RolesAllowed 调用方法 CompanyService.findFirst(),但 EJBContainer 似乎不知道我的权限。
我加载了显示我有角色 AF_ADMIN 的页面 login-private.xhtml 但是当我调用 findFirst() 时我得到 javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
我应该授予或告知 EJB 授权权限吗?
我错过了什么吗?
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-app>
<security-domain>jaspitest</security-domain>
</jboss-app>
公司服务
@Stateless
@RolesAllowed("**")
public class CompanyService extends BusinessService<Company> implements CompanyServiceable {
public CompanyService() {
super(Company.class);
}
@Override
public List<Company> findFirst() throws AppException {
...
}
...
CustomAuthenticationMechanism
@AutoApplySession
@LoginToContinue
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject
private IdentityStoreHandler idStoreHandler;
//@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
final String ticket = request.getParameter("ticket");
if (ticket != null) {
CredentialValidationResult result = idStoreHandler.validate(new UsernamePasswordCredential(ticket, Arrays.toString("LOGIN_PASSWORD")));
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(result);
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
}
login-private.xhtml 显示我有 AF_ADMIN
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
Jboss/Wildfly 独立配置的默认安全域为 other,它不会将身份验证传播到 ejb,因此,作为解决方法,我们可以从 standalone.xml 让它工作。
<!--default-security-domain value="other"/-->
而且你可以毫无问题地执行ejb方法。
环境:
- Jboss 7.2
- Java11
我尝试在通过 CustomAuthenticationMechanism 登录后使用 @RolesAllowed 调用方法 CompanyService.findFirst(),但 EJBContainer 似乎不知道我的权限。 我加载了显示我有角色 AF_ADMIN 的页面 login-private.xhtml 但是当我调用 findFirst() 时我得到 javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
我应该授予或告知 EJB 授权权限吗?
我错过了什么吗?
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-app>
<security-domain>jaspitest</security-domain>
</jboss-app>
公司服务
@Stateless
@RolesAllowed("**")
public class CompanyService extends BusinessService<Company> implements CompanyServiceable {
public CompanyService() {
super(Company.class);
}
@Override
public List<Company> findFirst() throws AppException {
...
}
...
CustomAuthenticationMechanism
@AutoApplySession
@LoginToContinue
@ApplicationScoped
public class CustomAuthenticationMechanism implements HttpAuthenticationMechanism {
@Inject
private IdentityStoreHandler idStoreHandler;
//@Override
public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
final String ticket = request.getParameter("ticket");
if (ticket != null) {
CredentialValidationResult result = idStoreHandler.validate(new UsernamePasswordCredential(ticket, Arrays.toString("LOGIN_PASSWORD")));
if (result.getStatus() == VALID) {
return httpMessageContext.notifyContainerAboutLogin(result);
} else {
return httpMessageContext.responseUnauthorized();
}
}
return httpMessageContext.doNothing();
}
}
login-private.xhtml 显示我有 AF_ADMIN
...
<h1>Public</h1>
<div class="alert alert-danger" role="alert">
#{myBean.initBean()}
<h:outputText value="inRole(AF_ADMIN): #{request.isUserInRole('AF_ADMIN')}"/><br/>
<h:outputText value="requestURL: #{request.requestURL}"/><br/>
<h:outputText value="headerNames: #{request.headerNames}"/><br/>
#{requestScope['javax.servlet.error.status_code']}
#{requestScope['javax.servlet.error.message']}<br/>
#{messages['error.inesperat']}
</div>
...
Jboss/Wildfly 独立配置的默认安全域为 other,它不会将身份验证传播到 ejb,因此,作为解决方法,我们可以从 standalone.xml 让它工作。
<!--default-security-domain value="other"/-->
而且你可以毫无问题地执行ejb方法。