本文探讨了在JBoss环境中使用JAAS进行安全配置的方法,包括配置jboss-web.xml、login-config.xml及login.config文件的具体步骤。同时,通过一个具体的EJB3示例,展示了如何进行身份验证并调用远程服务。文章最后分析了一个常见的异常javax.ejb.EJBAccessException: caller unauthorized的原因,并提出了可能的解决方案。
最近在研究jaas
我配置了
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/ioffice</security-domain>
</jboss-web>
login-config.xml
<application-policy name = "ioffice">
<authentication>
<login-module code ="ioffice.pub.auth.loginmodule.iofficeloginmodule" flag = "required" />
</authentication>
</application-policy>
以及login.config文件
ioffice {
// a properties file loginmodule that supports callerprincipal mapping
org.jboss.security.clientloginmodule required unauthenticatedidentity=nobody;
};
我在 ejb3中进行测试
hashtable props = new hashtable();
props.put(context.initial_context_factory,
"org.jnp.interfaces.namingcontextfactory");
props.put(context.url_pkg_prefixes,
"org.jboss.naming:org.jnp.interfaces");
props.put(context.provider_url, "jnp://localhost:1099");
iofficecallbackhandler handler = new iofficecallbackhandler(
"admin@ben.ioe.cn", "admin".tochararray());
logincontext lc = new logincontext("ioffice", (callbackhandler) handler);
lc.login();
initialcontext ctx = new initialcontext(props);
basic = (publicbasic) ctx.lookup("publicbasicbean/remote");
在publicbasicbean中
@stateless
@remote(publicbasic.class)
@securitydomain("ioffice")
public class publicbasicbean implements publicbasic {
@rolesallowed({ "basicuser", "domainadministrator", "poweruser" })
public java.util.collection getprivatecontacts() {
try {
return xxx....
} catch (exception e) {
}
}
}
为什么出现
javax.ejb.ejbaccessexception: caller unauthorized
at org.jboss.ejb3.security.rolebasedauthorizationinterceptorv2.invoke(rolebasedauthorizationinterceptorv2.java:199)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.security.ejb3authenticationinterceptorv2.invoke(ejb3authenticationinterceptorv2.java:186)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.encpropagationinterceptor.invoke(encpropagationinterceptor.java:41)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.blockcontainershutdowninterceptor.invoke(blockcontainershutdowninterceptor.java:67)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.aspects.currentinvocation.currentinvocationinterceptor.invoke(currentinvocationinterceptor.java:67)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.stateless.statelesscontainer.dynamicinvoke(statelesscontainer.java:421)
at org.jboss.ejb3.session.invokablecontextclassproxyhack._dynamicinvoke(invokablecontextclassproxyhack.java:53)
at org.jboss.aop.dispatcher.invoke(dispatcher.java:91)
at org.jboss.aspects.remoting.aopremotinginvocationhandler.invoke(aopremotinginvocationhandler.java:82)
希望高手能给解决一下,并给讲讲jaas
我配置了
jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/ioffice</security-domain>
</jboss-web>
login-config.xml
<application-policy name = "ioffice">
<authentication>
<login-module code ="ioffice.pub.auth.loginmodule.iofficeloginmodule" flag = "required" />
</authentication>
</application-policy>
以及login.config文件
ioffice {
// a properties file loginmodule that supports callerprincipal mapping
org.jboss.security.clientloginmodule required unauthenticatedidentity=nobody;
};
我在 ejb3中进行测试
hashtable props = new hashtable();
props.put(context.initial_context_factory,
"org.jnp.interfaces.namingcontextfactory");
props.put(context.url_pkg_prefixes,
"org.jboss.naming:org.jnp.interfaces");
props.put(context.provider_url, "jnp://localhost:1099");
iofficecallbackhandler handler = new iofficecallbackhandler(
"admin@ben.ioe.cn", "admin".tochararray());
logincontext lc = new logincontext("ioffice", (callbackhandler) handler);
lc.login();
initialcontext ctx = new initialcontext(props);
basic = (publicbasic) ctx.lookup("publicbasicbean/remote");
在publicbasicbean中
@stateless
@remote(publicbasic.class)
@securitydomain("ioffice")
public class publicbasicbean implements publicbasic {
@rolesallowed({ "basicuser", "domainadministrator", "poweruser" })
public java.util.collection getprivatecontacts() {
try {
return xxx....
} catch (exception e) {
}
}
}
为什么出现
javax.ejb.ejbaccessexception: caller unauthorized
at org.jboss.ejb3.security.rolebasedauthorizationinterceptorv2.invoke(rolebasedauthorizationinterceptorv2.java:199)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.security.ejb3authenticationinterceptorv2.invoke(ejb3authenticationinterceptorv2.java:186)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.encpropagationinterceptor.invoke(encpropagationinterceptor.java:41)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.blockcontainershutdowninterceptor.invoke(blockcontainershutdowninterceptor.java:67)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.aspects.currentinvocation.currentinvocationinterceptor.invoke(currentinvocationinterceptor.java:67)
at org.jboss.aop.joinpoint.methodinvocation.invokenext(methodinvocation.java:102)
at org.jboss.ejb3.stateless.statelesscontainer.dynamicinvoke(statelesscontainer.java:421)
at org.jboss.ejb3.session.invokablecontextclassproxyhack._dynamicinvoke(invokablecontextclassproxyhack.java:53)
at org.jboss.aop.dispatcher.invoke(dispatcher.java:91)
at org.jboss.aspects.remoting.aopremotinginvocationhandler.invoke(aopremotinginvocationhandler.java:82)
希望高手能给解决一下,并给讲讲jaas
扫一扫
6360
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
