How do I enable authentication/authorization in a Java EE 7 REST application? Getting "Client not authorized for this invocation"

Time: 2014-06-06 10:21:35

Tags: java rest glassfish basic-authentication java-ee-7

I have been banging my head against the wall for a long time trying to enable authentication/authorization on a Java EE 7 REST application using annotations. No matter what I try, I run into this error:

[2014-06-06T10:25:35.051+0200] [glassfish 4.0] [WARNING] [] [javax.enterprise.system.container.ejb.com.sun.ejb.containers] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135051] [levelValue: 900] [[

javax.ejb.AccessLocalException: Client not authorized for this invocation
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1895)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at com.sun.proxy.$Proxy453.findAll(Unknown Source)
at se.tonttu.triagebackend.service.__EJB31_Generated__CategoryFacadeREST__Intf____Bean__.findAll(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:323)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
]]

After some googling I found someone suggesting deleting the glassfish/domains/domain1/generated/policy folder, but that had no effect. I also set the logging level to FINE, which produced these related log entries:

[2014-06-06T10:25:35.041+0200] [glassfish 4.0] [FINE] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135041] [levelValue: 500] [CLASSNAME: com.sun.enterprise.security.provider.BasePolicyWrapper] [METHODNAME: doImplies] [[
JACC Policy Provider, failed Permission Check at :
java.lang.Exception
at com.sun.enterprise.security.provider.BasePolicyWrapper.doImplies(BasePolicyWrapper.java:408)
at com.sun.enterprise.security.provider.BasePolicyWrapper.implies(BasePolicyWrapper.java:250)
at org.glassfish.ejb.security.application.EJBSecurityManager.authorize(EJBSecurityManager.java:761)
at com.sun.ejb.containers.BaseContainer.authorize(BaseContainer.java:2324)
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1894)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at com.sun.proxy.$Proxy453.findAll(Unknown Source)
at se.tonttu.triagebackend.service.__EJB31_Generated__CategoryFacadeREST__Intf____Bean__.findAll(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:323)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
]]

[2014-06-06T10:25:35.044+0200] [glassfish 4.0] [INFO] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135044] [levelValue: 800] [[
JACC Policy Provider: Failed Permission Check, context(triagebackend/triagebackend_internal)- permission(("javax.security.jacc.EJBMethodPermission" "CategoryFacadeREST" "findAll,Local,"))]]

and:

[2014-06-06T10:25:35.048+0200] [glassfish 4.0] [FINE] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135048] [levelValue: 500] [CLASSNAME: com.sun.enterprise.security.provider.BasePolicyWrapper$2] [METHODNAME: run] [[
Domain that failed(ProtectionDomain  (file:/triagebackend/triagebackend_internal <no signer certificates>)
null
<no principals>
java.security.Permissions@1dacedc (
("java.security.SecurityPermission" "getProperty.package.definition")
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "java.version" "read")
("java.util.PropertyPermission" "os.arch" "read")
("java.util.PropertyPermission" "java.specification.vendor" "read")
("java.util.PropertyPermission" "java.vm.specification.name" "read")
("java.util.PropertyPermission" "*" "read,write")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "file.separator" "read")
("java.util.PropertyPermission" "line.separator" "read")
("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
("java.util.PropertyPermission" "java.specification.name" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
("java.util.PropertyPermission" "java.vendor" "read")
("java.util.PropertyPermission" "java.vm.version" "read")
("java.util.PropertyPermission" "java.vm.name" "read")
("java.util.PropertyPermission" "java.vm.specification.version" "read")
("java.util.PropertyPermission" "os.name" "read")
("java.util.PropertyPermission" "java.class.version" "read")
("java.net.SocketPermission" "localhost:0" "listen,resolve")
("java.net.SocketPermission" "*" "connect,resolve")
(unresolved javax.security.jacc.EJBMethodPermission MaincategoryFacadeREST count,Local,)
(unresolved javax.security.jacc.EJBMethodPermission Ksh97FacadeREST remove,Local,java.lang.Object)
(unresolved javax.security.jacc.EJBMethodPermission SolutionFacadeREST remove,Local,java.lang.Object)
*****[I've removed a lot of similar log entries here]*****
(unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
(unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
("java.io.SerializablePermission" "enableSubstitution")
("java.lang.RuntimePermission" "modifyThreadGroup")
("java.lang.RuntimePermission" "getProtectionDomain")
("java.lang.RuntimePermission" "queuePrintJob")
("java.lang.RuntimePermission" "loadLibrary.*")
("java.lang.RuntimePermission" "accessDeclaredMembers")
("java.lang.RuntimePermission" "getClassLoader")
("java.lang.RuntimePermission" "closeClassLoader")
("java.lang.RuntimePermission" "stopThread")
("java.lang.RuntimePermission" "setContextClassLoader")
("javax.management.MBeanTrustPermission" "register")
("javax.management.MBeanPermission" "[com.sun.messaging.jms.*:*]" "*")
("java.io.FilePermission" "/tmp/-" "delete")
("java.io.FilePermission" "/home/kalle/glassfish-4.0/glassfish/domains/domain1/lib/databases/-" "delete")
("java.io.FilePermission" "<<ALL FILES>>" "read,write")
("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential * "*"" "read")
)

So far I have only tried implementing this on a single entry point, and this is what the code looks like. First I declare the role "users" (the same as the group name on the GlassFish server), which is then used by RolesAllowed. All other API calls are left untouched and keep working normally.

import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;

@Stateless
@DeclareRoles({"users"})
@Path(Category.PATH)
public class CategoryFacadeREST extends AbstractFacade<Category> {

    @PersistenceContext(unitName = "se.tonttu_triagebackend_war_1.0PU")
    private EntityManager em;

    public CategoryFacadeREST() {
        super(Category.class);
    }

    // The only restricted method: the caller must be in the "users" role
    @GET
    @RolesAllowed("users")
    @Override
    @Produces({"application/json"})
    public Response findAll() {
        return super.findAll();
    }

    @Override
    protected EntityManager getEntityManager() {
        return em;
    }
}

In GlassFish I have added two users to the "file" realm on the server, which is also the default realm.

I have tried running it over both HTTP and HTTPS with Basic authentication (using the Postman extension in Chrome), but it made no difference.

I even tried removing the annotations and enabling authorization via web.xml, following this guide https://blogs.oracle.com/bobby/entry/simplified_security_role_mapping, but that did nothing at all either.

I think I am missing something very basic, but I really cannot figure out what. Any help would be greatly appreciated, since further googling has not turned up anything.

1 answer:

Answer 0: (score: 0)

In the end I gave up on annotation-based security and switched to web.xml. The reason web.xml had not worked was that I had forgotten to include the resource part of the URL, i.e. I was mistakenly trying to protect /category instead of /api/category (by default NetBeans sets it to /resources, but I had changed it to /api), as it should have been.

If anyone manages to work out the annotation way of doing this, please do enlighten us, since I am sure others besides me have run into similar problems.
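The web.xml fix the answer describes, as an added example that is not part of the original post or the asker's project: the mistaken /category pattern is kept as a commented-out block beside the corrected /api/category pattern, which includes the JAX-RS application path. It assumes Category.PATH resolves to "category" (so /api/category/* also covers sub-paths), that the "file" realm from the question is used, and that the role "users" maps to the GlassFish group "users" through default principal-to-role mapping, as in the guide the asker linked.

```xml
<!-- web.xml: BASIC auth against the GlassFish "file" realm, role "users" -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                             http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Wrong (what the asker had): the JAX-RS application is mounted under
         /api, so this pattern matches no request and nothing is protected.
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>categories</web-resource-name>
            <url-pattern>/category/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>users</role-name>
        </auth-constraint>
    </security-constraint>
    -->

    <!-- Correct: the pattern includes the application path (/api).
         No <http-method> is listed on purpose: listing only GET would leave
         every other method uncovered and therefore unauthenticated. -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>categories</web-resource-name>
            <url-pattern>/api/category/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>users</role-name>
        </auth-constraint>
        <!-- Basic credentials are only base64-encoded, so require TLS -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
    </login-config>

    <!-- Declares the role referenced above; mapped to the GlassFish group
         "users" by default principal-to-role mapping (assumption) -->
    <security-role>
        <role-name>users</role-name>
    </security-role>
</web-app>
```

With this in place the web container authenticates the caller before the request reaches the EJB, so the EJBMethodPermission check in the log no longer runs against a domain with no principals.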