
Servlet 3.0 AsyncContext and EJB @RolesAllowed in JBoss

Reading the new Servlet 3.0 specification, I found the startAsync method of HttpServletRequest, which claims to make things run in an asynchronous way, propagating the right contextual information to the passed Runnable.

I wrote this code inside the doGet method of my servlet:

@EJB
private EJBManagerLocal manager;

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
     if(request.getUserPrincipal() != null && request.isUserInRole("admin"))
          // Method protected by the @RolesAllowed("admin") annotation EJB-side
          manager.verify();

     final AsyncContext ctx = request.startAsync(request, response);
     ctx.start(new Runnable() {
          @Override
          public void run() {
               // Request object as seen from the thread started by AsyncContext
               HttpServletRequest asyncRequest = (HttpServletRequest) ctx.getRequest();
               if(asyncRequest.getUserPrincipal() != null && asyncRequest.isUserInRole("admin"))
                    // Method protected by the @RolesAllowed("admin") annotation EJB-side
                    manager.verify();
          }
     });
}

When calling manager.verify() the first time, outside the AsyncContext, everything works fine, but when stepping into the Runnable in the debugger, I can see that, even though the 'if' is successfully passed (so the principal has been correctly propagated to the Runnable in AsyncContext), when calling the EJB method protected by the @RolesAllowed annotation, JBoss throws an exception saying that "The invocation of method verify" is not allowed.

Can anyone help me?

Platform: JBoss EAP 6.2.0

EDIT: Same behavior in JBoss EAP 6.3.0

which claims to make things run in an asynchronous way, propagating the right contextual information to the passed Runnable.

The propagation to the Runnable is met: you are able to access the principal and their roles.

if(request.getUserPrincipal() != null && request.isUserInRole("admin"))

I think the best approach for EJB asynchronous invocations is to use the @Asynchronous annotation.

See also: Asynchronous Method Invocation

EDIT:

According to the Java™ Servlet Specification Version 3.0:

Java Enterprise Edition features such as Section 15.2.2, “Web Application Environment” on page 15-174 and Section 15.3.1, “Propagation of Security Identity in EJB™ Calls” on page 15-176 are available only to threads executing the initial request or when the request is dispatched to the container via the AsyncContext.dispatch method. Java Enterprise Edition features may be available to other threads operating directly on the response object via the AsyncContext.start(Runnable) method.

See this thread in the JBoss forum, which is about a similar problem: Anonymous principal when invoking EJB from a thread inside a servlet.
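Following the specification text quoted above, one arrangement is to keep the EJB call off the ctx.start() thread and make it only after AsyncContext.dispatch() has handed the request back to the container. This is an added example, not code from the original question or answer; the class name VerifyServlet, the "/verify" mapping, the "slowResult" attribute and the stand-in EJBManagerLocal interface are assumptions.

```java
import java.io.IOException;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.servlet.AsyncContext;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Stand-in for the question's local interface (assumption); verify() is
// protected by @RolesAllowed("admin") on the bean class.
@Local
interface EJBManagerLocal {
    void verify();
}

// Class name and URL pattern are assumptions made for this example.
@WebServlet(urlPatterns = "/verify", asyncSupported = true)
public class VerifyServlet extends HttpServlet {

    @EJB
    private EJBManagerLocal manager;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (request.getDispatcherType() == DispatcherType.ASYNC) {
            // Second pass: the request was dispatched to the container via
            // AsyncContext.dispatch(), the case for which the spec makes
            // security identity propagation to EJB calls available.
            if (request.getUserPrincipal() != null && request.isUserInRole("admin")) {
                manager.verify(); // the EJB's @RolesAllowed check is the real gate
            }
            response.getWriter().println(request.getAttribute("slowResult"));
            return;
        }
        // First pass: only non-EJB work runs on the ctx.start() thread.
        final AsyncContext ctx = request.startAsync(request, response);
        ctx.start(new Runnable() {
            @Override
            public void run() {
                ctx.getRequest().setAttribute("slowResult", "done"); // placeholder work
                ctx.dispatch(); // re-enters doGet with DispatcherType.ASYNC
            }
        });
    }
}
```

The web-tier isUserInRole check only avoids a call that would be rejected; authorization is still enforced by @RolesAllowed on the bean, so the EJB fails closed if the identity is missing on the calling thread.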
