我正在尝试从简单的客户端应用程序调用部署在 glassfish 中的安全远程 ejb,但我无法验证自己的身份。
客户端:
public void go() {
try {
Context ctx = getInitialContext();
TestBeanRemote remote = (TestBeanRemote) ctx.lookup("java:global/ejbTest2/TestBean");
String result = remote.testMe();
System.out.println(result);
} catch (Exception e) {
e.printStackTrace();
}
}
private Context getInitialContext() throws NamingException, FileNotFoundException, IOException {
Properties p = new Properties();
InputStream stream = Runner.class.getResourceAsStream("jndi.properties");
assert stream != null : "jndi.properties file not found";
p.load(stream);
return new InitialContext(p);
}
客户端上的jndi.properties
java.naming.factory.initial = com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs = com.sun.enterprise.naming
java.naming.factory.state = com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
#optional. Defaults to localhost. Only needed if web server is running
#on a different host than the appserver
org.omg.CORBA.ORBInitialHost = localhost
#optional. Defaults to 3700. Only needed if target orb port is not 3700.
org.omg.CORBA.ORBInitialPort = 3700
java.naming.security.principal = test
java.naming.security.credentials = test
EJB
@Stateless(description = "A simple bean to learn the ins and outs of ejbs")
@DeclareRoles({ Roles.ADMIN, Roles.USER })
@RolesAllowed({})
public class TestBean implements TestBeanRemote {
@Resource
private SessionContext ejbContext;
@Override
@RolesAllowed(Roles.ADMIN)
// @PermitAll
public String testMe() throws Exception {
return ejbContext.getCallerPrincipal().getName();
}
}
sun-ejb-jar
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
<security-role-mapping>
<role-name>Admin</role-name>
<group-name>Admin</group-name> <!-- As defined in container -->
</security-role-mapping>
<security-role-mapping>
<role-name>User</role-name>
<group-name>User</group-name> <!-- As defined in container -->
</security-role-mapping>
<enterprise-beans />
</sun-ejb-jar>
我已在管理控制台的“配置”>“默认配置”>“安全”>“领域”>"file">“管理用户”中添加了用户 ID“test”凭据“test”组列表“Admin”
当我使用 PermitAll 时,这会导致包含 org.omg.CORBA.NO_PERMISSION 的堆栈跟踪,并且 ejbContext.getCallerPrincipal().getName() 结果为“Anonymous”
我在这里错过了什么?
最佳答案
该线程已过时,但答案可能会对某人有所帮助。上下文中的主体和凭据将被忽略。在查找 ejb 之前,您需要使用 ProgrammaticLogin 来访问 EJB。
System.setProperty("java.security.auth.login.config", "auth.conf");
ProgrammaticLogin pl = new ProgrammaticLogin();
pl.login("user", "password");
//Now lookup the EJB and then logout
pl.logout();
如您所见,您需要设置“java.security.auth.login.config”,它指向一个文件,while 的内容应该是
default {
com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false; };
这表示您想要使用服务器上配置的默认领域,或者您也可以通过将“default”替换为领域名称(例如“file”)来显式指定领域
关于java - 从 Java 客户端应用程序调用部署在 glassfish 中的安全远程 ejb,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10370475/