我目前正在将我的容器从JBoss AS 7更新为Wildfly 10.除了Deltaspike集成之外,迁移工作进展顺利。在JBoss AS 7 AS下,一切都按预期工作,我只需要创建自定义SecurityBindingTypes和SecurityParameterBindings。当我尝试在Wildfly 10下执行相同的编码时,我收到以下错误:
引起:java.lang.IllegalStateException:查找授权方法bean的异常 - 找不到方法的bean [class com.mimeya.deb.security.CustomAuthorizer.doSecuredComplianceReportReadAccessCheckForUnitId] 在org.apache.deltaspike.security.impl.extension.Authorizer.lazyInitTargetBean(Authorizer.java:215) 在org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:174) 在org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy.java:80) 在org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62) at org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation $ SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) 在org.jboss.weld.interceptor.proxy.WeldInvocationContext.invokeNext(WeldInvocationContext.java:83) 在org.jboss.weld.interceptor.proxy.WeldInvocationContext.proceed(WeldInvocationContext.java:115) 在org.jboss.weld.bean.InterceptorImpl.intercept(InterceptorImpl.java:108) 在org.jboss.as.weld.ejb.DelegatingInterceptorInvocationContext.proceed(DelegatingInterceptorInvocationContext.java:77) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:68) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:80) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) at org.jboss.as.ee.component.interceptors.UserInterceptorFactory $ 1.processInvocation(UserInterceptorFactory.java:63) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext $ Invocation.proceed(InterceptorContext.java:437) at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64) 在org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) 在org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275) ... 144更多
作为参考,这是我们的自定义SecurityBindingType:
@Retention(value = RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Documented
@SecurityBindingType
public @interface CustomSecurityBinding {}
这是我们的自定义SecurityParameterBindings之一:
@Retention(value = RetentionPolicy.RUNTIME)
@Target(value={ElementType.PARAMETER})
@Documented
@SecurityParameterBinding
public @interface SecureComplianceReportReadAccessUnit {}
这是我调用的方法之一的一个例子:
@Secures
@CustomSecurityBinding
public boolean doSecuredComplianceReportReadAccessCheckForUnit(@SecureComplianceReportReadAccessUnit Unit unit) throws Exception {
COMPONENT component = COMPONENT.COMPLIANCE_REPORTS;
int permission = UserPermission.READ_ACCESS;
return manageSecurityBean.canUserPerformAction(userSessionBean.getUserAccess(), component.getDatabaseId(), permission, -1, -1, -1, unitId);
}
我一直在阅读一堆文档,但无济于事。我查看了快速入门指南(https://github.com/wildfly/quickstart/tree/10.x/deltaspike-authorization),JBoss Developer论坛和Deltaspike源代码本身。任何帮助或想法尝试将不胜感激。谢谢。