我有一个用@RolesAllowed注释的方法,需要从定时器(@Schedule)调用此方法,该定时器位于另一个Ejb中。但我只获得授权例外:WARNUNG: javax.ejb.AccessLocalException: Client not authorized for this invocation
@RolesAllowed("user")
@Stateless
public class RatingService {
public void recalculateRating() {...}
}
@Singleton
@Startup
public class TimerService {
@EJB private RatingService ratingService;
@Schedule(minute = "0", hour = "*")
public void timerTriggeredRecalculate() {
this.ratingService.recalculateRating();
}
}
我接受此异常,但是如何从计时器调用@RolesAllowed受保护的方法?
我还尝试将@RunAs("user")添加到TimerService类。但后来我得到了这个例外:
SCHWERWIEGEND: SECEJB9000: Exception while running pre-invoke
java.lang.NullPointerException
at java.util.Arrays$ArrayList.<init>(Arrays.java:3357)
at java.util.Arrays.asList(Arrays.java:3343)
at com.sun.enterprise.security.auth.realm.file.FileRealm.getGroupNames(FileRealm.java:291)
at com.sun.enterprise.security.auth.login.LoginContextDriver.loginPrincipal(LoginContextDriver.java:294)
at org.glassfish.ejb.security.application.EJBSecurityManager$2.run(EJBSecurityManager.java:825)
at com.sun.enterprise.security.common.AppservAccessController.doPrivileged(AppservAccessController.java:61)
at org.glassfish.ejb.security.application.EJBSecurityManager.loginForRunAs(EJBSecurityManager.java:823)
at org.glassfish.ejb.security.application.EJBSecurityManager.preInvoke(EJBSecurityManager.java:791)
at org.glassfish.ejb.security.application.EjbSecurityComponentInvocationHandler$1.beforePreInvoke(EjbSecurityComponentInvocationHandler.java:84)
at org.glassfish.api.invocation.InvocationManagerImpl.preInvoke(InvocationManagerImpl.java:156)
at com.sun.ejb.containers.AbstractSingletonContainer.createSingletonEJB(AbstractSingletonContainer.java:487)
at com.sun.ejb.containers.AbstractSingletonContainer.access$100(AbstractSingletonContainer.java:79)
at com.sun.ejb.containers.AbstractSingletonContainer$SingletonContextFactory.create(AbstractSingletonContainer.java:719)
at com.sun.ejb.containers.AbstractSingletonContainer.instantiateSingletonInstance(AbstractSingletonContainer.java:451)
at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:216)
at org.glassfish.ejb.startup.SingletonLifeCycleManager.initializeSingleton(SingletonLifeCycleManager.java:177)
at org.glassfish.ejb.startup.SingletonLifeCycleManager.doStartup(SingletonLifeCycleManager.java:155)
at org.glassfish.ejb.startup.EjbApplication.start(EjbApplication.java:177)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:301)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:461)
at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:240)
at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:389)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$1.execute(CommandRunnerImpl.java:348)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:363)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1085)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1200(CommandRunnerImpl.java:95)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1291)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1259)
at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:461)
at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:212)
at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)
at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)
at com.sun.enterprise.v3.services.impl.ContainerMapper$Hk2DispatcherCallable.call(ContainerMapper.java:354)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:849)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:746)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1045)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:228)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
服务器是Glassfish 3.1.2
答案 0 :(得分:3)
您需要使用带注释@RunAs的EJB。如果timer方法是TimerService EJB公开的唯一方法,那么您可以直接将@RunAs添加到该类。否则,您将需要创建具有PrivilegedRatingService。
@RunAs EJB
(对于与TimerService发生冲突的EJB类名称,旁边javax.ejb.TimerService可能是一个糟糕的选择。)
答案 1 :(得分:0)
我还尝试将@RunAs(“user”)添加到TimerService类。但是之后 我得到了这个例外:..
该消息表明您尚未在文件领域中定义“user”。例如,在Glassfish中,使用应用程序服务器控制台访问以下内容:
Configuration->Security->Realms->file->Manage users
并添加新用户“user” - 错误消息应该消失。我有类似的问题,这是解决方案,所以也许有帮助。