调用远程ejb使用Wildfly 9.0.1返回无效用户
[英]call remote ejb returns Invalid User using Wildfly 9.0.1
问题描述
I can successfully call a remote EJB if I am using a default security domain set-up in wildfly. 
如果我在wildfly中使用默认的安全域设置,则可以成功调用远程EJB。 I guest this security domain is not checking any user credentials at all. 我认为这个安全域根本不检查任何用户凭据。 I encounter the exception below after implementing or using a security domain that checks username and password in database. 在实现或使用检查数据库中用户名和密码的安全域后,我在下面遇到异常。
I cannot figure out what I am missing. 我无法弄清楚我缺少什么。 I hope someone here can point me in a right direction. 我希望这里有人可以指出正确的方向。
Exception: 例外:
Exception in thread "main" javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69)
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49)
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97)
...
jboss-ejb3.xml: jboss-ejb3.xml:
<jboss:jboss
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="urn:security:1.1"
version="3.1" impl-version="2.0">
<assembly-descriptor>
<s:security>
<!-- Even wildcard * is supported -->
<ejb-name>*</ejb-name>
<!-- Name of the security domain which is configured in the EJB3 subsystem -->
<s:security-domain>ejb-database-policy</s:security-domain>
</s:security>
</assembly-descriptor>
standalone.xml standalone.xml
<security-domain name="ejb-database-policy" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/jdbc/mysqlds"/>
<module-option name="principalsQuery" value="SELECT user_password FROM app_user WHERE username=?"/>
<module-option name="rolesQuery" value="SELECT role, 'Roles' FROM user_role WHERE username=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="base64"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
</authentication>
</security-domain>
TestRemote.java TestRemote.java
public class TestRemote {
public static void main(String[] args) {
new TestRemote().exec();
}
public void exec() {
try {
Hashtable prop = new Hashtable();
prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
prop.put(Context.PROVIDER_URL, "http-remoting://127.0.0.1:8080");
prop.put(Context.SECURITY_PRINCIPAL, "anonymous");
prop.put(Context.SECURITY_CREDENTIALS, "admin");
prop.put("jboss.naming.client.ejb.context", true);
Context context = new InitialContext(prop);
final String ejb = "/MyAppEar/MyAppEjb//UserBean!com.test.controller.UserBeanRemote";
UserBeanRemote bean = (UserBeanRemote)context.lookup(ejb);
List<AppUser> users = bean.getUserList(null, 0, 0);
if(users != null) {
for(AppUser user: users) {
System.out.println("UserID: " + user.getUserId() + ", username:" + user.getUsername());
}
} else {
System.out.println("User list is empty");
}
} catch(NamingException e) {
e.printStackTrace();
}
}
}
Thanks, Bell 谢谢贝尔
1 个解决方案
解决方案1
1 已采纳 2016-08-31 00:00:55
Problem solved. 问题解决了。
Here are the additional step/set-up that I did. 这是我所做的其他步骤/设置。
1) In standalone.xml, I change ApplicationRealm authentication to JAAS. 1)在standalone.xml中,我将ApplicationRealm身份验证更改为JAAS。
<security-realm name="ApplicationRealm">
<authentication>
<jaas name="ejb-database-policy"/>
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
</authorization>
</security-realm>
2) In TestRemote.java, I add prop.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); 2)在TestRemote.java中,添加prop.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
Thats it. 而已。
Thanks, Bell 谢谢贝尔
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.