
Accessing a secure EJB as anonymous user on Wildfly 9

I have the following setup: Wildfly 9 serving remote EJB clients as well as having some TimerTask instances running that perform some logic.

Most EJB methods are called by remote clients and therefore secured (via @RolesAllowed). Now, some of these methods will also be called by TimerTask within the server, and in that case I have no principal or security context, which causes the EJB method calls to fail.

My workaround is like this:

EJB:

@RolesAllowed({"readRole"})
public void readSomething() {
    this.readSomethingImpl();
}


public void readSomethingUnrestricted() {
    this.readSomethingImpl();
}

The readSomething() is part of the remote interface, the readSomethingUnrestricted() is part of the local interface.

The downside is that I have a rather large set of EJB service methods and I do not want to duplicate all of them (one restricted for remote, one unrestricted for local calls).

Is there any better way to implement this?

Thanks!

By annotating the timer task with @javax.annotation.security.RunAs("readRole"), you should be able to accomplish what you need.
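A sketch of the @RunAs approach from the answer above, added here as an example and not code from the original post. It assumes the scheduled work moves from a java.util.TimerTask into a container-managed EJB timer, because the container only applies @RunAs to components it manages; ReadService, ReadServiceBean, ReadTimer and the schedule are hypothetical.

```java
// Added example, not from the original post. All class names are hypothetical;
// javax.* matches the Java EE 7 API shipped with WildFly 9.

// ---- ReadService.java ----
import javax.ejb.Remote;

@Remote
public interface ReadService {
    void readSomething();
}

// ---- ReadServiceBean.java ----
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
public class ReadServiceBean implements ReadService {
    // Single secured entry point; no unrestricted twin on a local interface.
    @Override
    @RolesAllowed({"readRole"})
    public void readSomething() {
        readSomethingImpl();
    }

    private void readSomethingImpl() {
        System.out.println("readSomething executed"); // stands in for the real logic
    }
}

// ---- ReadTimer.java ----
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Schedule;
import javax.ejb.Singleton;

// @RunAs sets the role for calls this bean makes to other EJBs;
// it does not change the access checks on this bean's own methods.
@Singleton
@RunAs("readRole")
public class ReadTimer {
    @EJB
    private ReadService readService;

    // Constructed schedule: every 5 minutes, not persisted across restarts.
    @Schedule(hour = "*", minute = "*/5", persistent = false)
    public void tick() {
        readService.readSomething(); // passes the @RolesAllowed check as readRole
    }
}
```

Every outbound call from ReadTimer carries readRole, so keep the run-as role as narrow as the timer's work requires and keep ReadTimer itself off any remote interface.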
