我正在尝试从一个简单的客户端应用程序中调用一个部署在glassfish中的安全远程ejb,但我无法对自己进行身份验证。
客户:
public void go() {
try {
Context ctx = getInitialContext();
TestBeanRemote remote = (TestBeanRemote) ctx.lookup("java:global/ejbTest2/TestBean");
String result = remote.testMe();
System.out.println(result);
} catch (Exception e) {
e.printStackTrace();
}
}
private Context getInitialContext() throws NamingException, FileNotFoundException, IOException {
Properties p = new Properties();
InputStream stream = Runner.class.getResourceAsStream("jndi.properties");
assert stream != null : "jndi.properties file not found";
p.load(stream);
return new InitialContext(p);
}
客户端上的jndi.properties
java.naming.factory.initial = com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs = com.sun.enterprise.naming
java.naming.factory.state = com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
#optional. Defaults to localhost. Only needed if web server is running
#on a different host than the appserver
org.omg.CORBA.ORBInitialHost = localhost
#optional. Defaults to 3700. Only needed if target orb port is not 3700.
org.omg.CORBA.ORBInitialPort = 3700
java.naming.security.principal = test
java.naming.security.credentials = test
EJB
@Stateless(description = "A simple bean to learn the ins and outs of ejbs")
@DeclareRoles({ Roles.ADMIN, Roles.USER })
@RolesAllowed({})
public class TestBean implements TestBeanRemote {
@Resource
private SessionContext ejbContext;
@Override
@RolesAllowed(Roles.ADMIN)
// @PermitAll
public String testMe() throws Exception {
return ejbContext.getCallerPrincipal().getName();
}
}
太阳EJB-JAR
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
<security-role-mapping>
<role-name>Admin</role-name>
<group-name>Admin</group-name> <!-- As defined in container -->
</security-role-mapping>
<security-role-mapping>
<role-name>User</role-name>
<group-name>User</group-name> <!-- As defined in container -->
</security-role-mapping>
<enterprise-beans />
</sun-ejb-jar>
我在配置&gt;管理控制台中添加了用户ID“测试”凭据“测试”组列表“管理员”。 default-config&gt;安全&gt;领域&gt;档案&gt;管理用户
当我使用PermitAll时,这导致包含org.omg.CORBA.NO_PERMISSION的堆栈跟踪和ejbContext.getCallerPrincipal()。getName()结果为“Anonymous”
我在这里错过了什么?
答案 0 :(得分:2)
这个帖子已经老了,但回答可能对某人有帮助。校长和Context中的凭据将被忽略。在ejb查找之前,您需要使用ProgrammaticLogin来访问EJB。
System.setProperty("java.security.auth.login.config", "auth.conf");
ProgrammaticLogin pl = new ProgrammaticLogin();
pl.login("user", "password");
//Now lookup the EJB and then logout
pl.logout();
正如您所看到的,您需要设置指向文件的“java.security.auth.login.config”,而shoule的内容应该是
default {
com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false; };
这表示您要使用在服务器上配置的默认域,或者您也可以通过将“default”替换为域名来明确指定域,例如“file”