我正在尝试调用部署在远程glassfish(3.1.2)实例上的EJB。客户端是普通的java,不能在容器中运行。
当没有设置声明性权限时(即没有@RolesAllowed),它可以工作。但是,当我添加它时,我得到异常,我不允许调用该方法。我使用SessionContext(getCallerPrincipal)检查了主体名称,发现它与用户ANONYMOUS一起运行。
我试图在客户端关注,但它似乎仍然是EJB端的匿名用户。
客户代码:
System.setProperty("java.security.auth.login.config", "auth.conf");
ProgrammaticLogin pl = new ProgrammaticLogin();
pl.login("user1", "pass123", "file", true));
Properties props = new Properties();
props.setProperty("java.naming.factory.initial", "com.sun.enterprise.naming.SerialInitContextFactory");
props.setProperty("java.naming.factory.url.pkgs", "com.sun.enterprise.naming");
props.setProperty("java.naming.factory.state", "com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl");
props.setProperty(Context.SECURITY_PRINCIPAL, "user1");
props.setProperty(Context.SECURITY_CREDENTIALS, "pass123");
props.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
props.setProperty("org.omg.CORBA.ORBInitialPort", "3700");
InitialContext ic = new InitialContext(props);
MyBean bean = (MyBean)ic.lookup(MyBean.class.getName());
验证文件:
default {
com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=true;};
server.policy(domains / domain1 / config.server.policy)
grant codeBase "file:${com.sun.aas.installRoot}/domains/domain1/applications/core-ear/-" {
permission com.sun.appserv.security.ProgrammaticLoginPermission
"login";
};
这是我在服务器日志中看到的:
[#|2013-12-11T08:22:22.462+0100|INFO|glassfish3.1.2|javax.enterprise.system.core.security|_ThreadID=154;_ThreadName=Thread-2;|JACC Policy Provider:Failed Permission Check: context (" core-ear/mybeans-0_0_1-SNAPSHOT_jar ") , permission (" ("javax.security.jacc.EJBMethodPermission" "MyBean" "hello,Remote,java.lang.Integer") ") |#]
[#|2013-12-11T08:22:22.464+0100|WARNING|glassfish3.1.2|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=154;_ThreadName=Thread-2;|EJB5184:A system exception occurred during an invocation on EJB MyBean, method: public java.lang.String foo.MyBean.hello(java.lang.Integer)|#]
有人知道怎么做这个吗?非常感谢帮助。