Ale*_*ets 12 java resteasy ejb-3.0 jboss7.x
我的应用程序中有一个受EJB安全保护的REST端点.
@Path("/somepath")
@Produces(MediaType.APPLICATION_JSON)
@Stateless
@SecurityDomain("mydomain")
@RolesAllowed({"user"})
public class MyResource extends AbstractResource
如果用户的会话超时web-app不知道,如果我尝试与它进行交互,它会获得403 FORBIDDEN,这是完全正常的.但在服务器日志中,此错误如下所示:
14:47:52,682 ERROR [org.jboss.ejb3.invocation] (http--127.0.0.1-8080-5) JBAS014134: EJB Invocation failed on component MyResource for method public java.lang.String MyResource.getSupplies(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public java.lang.String MyResource.getSupplies() of bean: MyResource is not allowed
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]
这些消息太长而且没用.我想在日志中替换它们,例如"WARN:Unauthorized access"以及一些额外的数据,但没有堆栈跟踪.我不知道怎么做,因为JBoss记录了这条消息.将不胜感激,建议我如何实现所需!
我的研究表明,一种可能的解决方案是使用JBoss AS 早期版本中存在的容器拦截器,并在 JBoss AS 7.2 中再次出现。但 7.1.1 中没有这样的东西,巧合的是,这是我的 JBoss 版本。在我的老板决定我们应该转向 WildFly 之前,我将开放赏金,以防万一有人有替代解决方案(不,我不会用补丁编译我自己的 JBoss AS)。
| 归档时间: |
|
| 查看次数: |
586 次 |
| 最近记录: |