我在Wildfly 10上将JEE 7应用程序部署为带有EJB库的EAR。我的EJB由带有自定义LoginModule的安全域保护。我的问题是,在CustomLoginModule中,我需要访问EJB(UserRoleCacheManagerBean)才能执行某些任务。我希望此UserRoleCacheManagerBean不安全,但是根据Wildfly文档,任何未在安全域中显式保护的Bean将默认为“其他”安全域。
如果我将其添加到相同的安全域中,则存在无限循环的风险,其中需要用CustomLoginModule对我的UserRoleCacheManagerBean进行身份验证,而后者又需要调用UserRoleCacheManagerBean进行身份验证的UserRoleCacheManagerBean ,....
我尝试将@PermitAll添加到UserRoleCacheManagerBean,但无济于事。我仍然收到无效用户错误。因此,我也尝试专门为此bean定义一个“匿名”安全域(并将其映射到org.jboss.security.auth.spi.AnonLoginModule以便对其进行自动身份验证),但这也无济于事。在所有情况下,我都会收到以下错误消息:
15:13:08,069 ERROR [io.undertow.request] (default task-22) UT005023: Exception handling request to /app/: javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
at org.sso.keycloak.KeycloakSecurityInterceptor.aroundInvoke(KeycloakSecurityInterceptor.java:112)
at sun.reflect.GeneratedMethodAccessor265.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:45005)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.as.ejb3.component.ContainerInterceptorMethodInterceptorFactory$ContainerInterceptorMethodInterceptor.processInvocation(ContainerInterceptorMethodInterceptorFactory.java:91)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:57)
at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:66)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:632)
at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
at business.caching.UserRolesCacheManager$$$view18.getUserRoles(Unknown Source)
at sun.reflect.GeneratedMethodAccessor581.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:45005)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.weld.util.reflection.Reflections.invokeAndUnwrap(Reflections.java:433)
at org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:128)
at org.jboss.weld.bean.proxy.EnterpriseTargetBeanInstance.invoke(EnterpriseTargetBeanInstance.java:56)
at org.jboss.weld.bean.proxy.InjectionPointPropagatingEnterpriseTargetBeanInstance.invoke(InjectionPointPropagatingEnterpriseTargetBeanInstance.java:67)
at org.jboss.weld.bean.proxy.ProxyMethodHandler.invoke(ProxyMethodHandler.java:100)
at business.caching.UserRolesCacheManager$775179225$Proxy$_$$_Weld$EnterpriseProxy$.getUserRoles(Unknown Source)
at business.ejb3.LoginManagerBean.getUserRoles(LoginManagerBean.java:192)
at sun.reflect.GeneratedMethodAccessor396.invoke(Unknown Source)
看来,我无法从另一个安全域中的另一个EJB调用一个安全域中的EJB。
如何指示我完全不需要此Bean?抑或,那该如何从另一个安全域调用EJB?