@RunAs for @WebService EJB

I have an anonymous WebService EJB - webservice calls are working properly.

Now I want the WebService to RunAs as a specific SecurityRole.

At the Webservice I have the following annotations:

import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.Stateless;
import javax.jws.WebService;

import org.jboss.ejb3.annotation.SecurityDomain; // JBoss-specific annotation

@Stateless
@WebService
@DeclareRoles({ "LoggedUser" })
@SecurityDomain("my-jboss-real")
@RunAs("LoggedUser")
public class MyWebService {
    ...
}

Now I want to access an @EJB with @RolesAllowed({"LoggedUser"}) from a Webservice method; there I get:

ERROR [org.jboss.aspects.tx.TxPolicy] javax.ejb.EJBTransactionRolledbackException: javax.ejb.EJBAccessException.message: 'Caller unauthorized'
WARN  [org.jboss.ejb3.stateless.StatelessBeanContext] EJBTHREE-1337: do not get WebServiceContext property from stateless bean context, it should already have been injected
ERROR [org.jboss.ws.core.jaxws.SOAPFaultHelperJAXWS] SOAP request exception
javax.ejb.EJBTransactionRolledbackException: javax.ejb.EJBAccessException.message: 'Caller unauthorized'
        at org.jboss.ejb3.tx.Ejb3TxPolicy.handleInCallerTx(Ejb3TxPolicy.java:115)

I'm running on JBoss 5.1 GA.

Is this the right use of @RunAs, or is there another way to do this?

Edit

Added:

import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.xml.ws.WebServiceContext;

@Resource
private WebServiceContext wsCtx;
@Resource
private EJBContext ejbCtx;

public void myWebServiceMethod() {
    ...
    // caller identity as seen by the EJB container
    System.out.println("EJBCtx: " + ejbCtx.getCallerPrincipal());
    System.out.println("EJBCtx: " + ejbCtx.isCallerInRole("LoggedUser"));
    // caller identity as seen by the JAX-WS layer
    System.out.println("WebContext: " + wsCtx.getUserPrincipal());
    System.out.println("WebContext: " + wsCtx.isUserInRole("LoggedUser"));
    ...
}

This outputs:

EJBCtx: anonymous
EJBCtx: false
WebContext: anonymous
WebContext: false

JBoss AS 5 and especially 6 are very buggy with regard to a security context and @RunAs in anything but the most basic use cases.

A large number of those bugs have been fixed in AS 7. You could try to set up a test case there and see if you run into the same issue.

Do realize that @RunAs does not apply to the code that runs in the bean on which the annotation is applied. Instead, it only applies to beans that are called -from- that bean. You could think of it as the "outgoing/outbound" role.

More troublesome is that Java EE has a serious omission, and that is that there is no way to also define a RunAs identity. Some servers don't react well when you define a RunAs role for the "unauthenticated" identity. JBoss has a proprietary annotation for the RunAs identity. You might want to try if this takes you a step further.
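As an added illustration of the "outbound" point in this answer (example code written for this page, not taken from the question or the answer), here are the two beans the question describes, split into two source files. The web service bean carries @RunAs and, inside its own methods, still sees the anonymous caller, which is why the question's printouts show anonymous/false. The downstream bean it calls is where the propagated role is visible and where @RolesAllowed is satisfied. The JBoss-specific @RunAsPrincipal stands in for the "proprietary annotation" the answer mentions; its package (org.jboss.ejb3.annotation) and the principal name "ws-internal" are assumptions to check against the jboss-ejb3-ext-api jar shipped with your server. The security domain name is the one from the question. Whether AS 5.1 honours this is exactly what the answer calls unreliable; the expected values in the comments are what a spec-compliant container returns.

```java
// ---- ProtectedBean.java ----
// Downstream bean: access is decided on the security context that arrives
// with the call, i.e. after the caller's @RunAs has been applied.
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@SecurityDomain("my-jboss-real")
public class ProtectedBean {

    @Resource
    private EJBContext ctx;

    @RolesAllowed("LoggedUser")
    public String whoCalledMe() {
        // Reached only if the incoming context is in role LoggedUser.
        // Expected here: isCallerInRole("LoggedUser") == true.
        // The principal name is container-defined unless the caller also
        // set a RunAs identity (JBoss: @RunAsPrincipal, see below).
        return ctx.getCallerPrincipal().getName()
                + " inRole=" + ctx.isCallerInRole("LoggedUser");
    }
}

// ---- MyWebService.java ----
// Web service endpoint: @RunAs changes the identity of *outgoing* calls only.
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;

import org.jboss.ejb3.annotation.RunAsPrincipal; // assumed package, JBoss-specific
import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@WebService
@SecurityDomain("my-jboss-real")
@DeclareRoles({ "LoggedUser" })
@RunAs("LoggedUser")
@RunAsPrincipal("ws-internal") // assumed name; gives the RunAs role a principal
public class MyWebService {

    @Resource
    private EJBContext ejbCtx;

    @EJB
    private ProtectedBean protectedBean;

    @WebMethod
    public String probe() {
        // Own context: @RunAs is NOT in effect for this bean's own code.
        // An anonymous SOAP caller therefore shows as anonymous / false here,
        // matching the output in the question.
        String here = ejbCtx.getCallerPrincipal().getName()
                + " inRole=" + ejbCtx.isCallerInRole("LoggedUser");

        // Outbound call: the container switches to LoggedUser for this
        // invocation, so the @RolesAllowed check on ProtectedBean passes.
        String there = protectedBean.whoCalledMe();

        return "here: " + here + " | there: " + there;
    }
}
```

If the downstream call still fails with 'Caller unauthorized' on AS 5.1 while the same deployment works on AS 7, that difference is the container bug the answer describes rather than a misuse of @RunAs; the sign of a correct setup is "here" reporting anonymous/false and "there" reporting inRole=true.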
