我从正在迁移到 JBoss Wildfly 的应用程序中收到以下错误,并且我在 Google 上搜索后未能找到此特定错误。
还有其他人看过这个吗?
原因和/或解决方案是什么?
我们在 Wildfly 中看到此错误。我们在 AS 中没有看到错误。
编辑:启动时发生此错误。使用 @Startup 注释调用该方法。
12:43:34,442 ERROR [org.jboss.as.ejb3.invocation] (schema_update_thread) WFLYEJB0034: EJB Invocation failed on component DBSchemaUpdateBean for method public void com.mycompany.myappserver.ejb.DBSchemaUpdateBean.processUpdates(com.mycompany.myappserver.config.sql.DBType) throws java.lang.Exception: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public void com.mycompany.myappserver.ejb.DBSchema
UpdateBean.processUpdates(com.mycompany.myappserver.config.sql.DBType) throws java.lang.Exception of bean: DBSchemaUpdateBean is not allowed
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:66)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
at …我花了几个小时在嵌入式Jetty 9.1.0.v20131115和RESTEasy 3.0.5.Final中安装自定义登录服务.我的登录服务将在数据库中查找用户并为其分配角色.它看起来像这样:
final Constraint restConstraint = new Constraint();
restConstraint.setName(Constraint.__BASIC_AUTH);
restConstraint.setRoles(new String[]{"user", "admin");
restConstraint.setAuthenticate(true);
final ConstraintMapping restConstraintMapping = new ConstraintMapping();
restConstraintMapping.setConstraint(restConstraint);
restConstraintMapping.setPathSpec("/api/*");
final ConstraintSecurityHandler restSecurityHandler = new ConstraintSecurityHandler();
final LoginService myLoginService = new MyLoginService();
restSecurityHandler.setAuthenticator(new BasicAuthenticator());
restSecurityHandler.setRealmName(myLoginService.getName());
restSecurityHandler.addConstraintMapping(restConstraintMapping);
restSecurityHandler.setLoginService(myLoginService);
我有用户joe-user谁拥有的角色user,和jane-admin谁既有user和admin角色.我有一个GET名为的REST 资源my-resource:
@RolesAllowed("admin")
当我做一个HTTP GET上my-resource的浏览器中正确请求凭据,我可以登录,无论是joe-user或jane-admin.问题是任何一个用户都被允许GET my-resource!!
我已经跟踪了一些Jetty代码,事实上,由于我的登录服务,Jetty要求登录用户支持哪些角色.不幸的是,无论用户如何,Jetty都会接受我指定的任何角色restConstraint.setRoles(new String[]{"user", "admin").
显然,RESTEasy层应该识别@RolesAllowed("admin")注释并验证用户.但是我如何让RESTEasy做到这一点?
我正在使用JAX-RS使用平针织实现.我正在尝试使用Tomcat 6使用BASIC身份验证来验证我的服务.
这是代码:
@Path("/authenticate")
@RolesAllowed({"Admin","Guest"})
public class BasicAuthenticationSecurity {
@GET
@Path("/wbiPing")
@Produces(MediaType.TEXT_PLAIN)
@RolesAllowed("Admin")
public Response wbiPing(){
System.out.println("Pinged!!!");
return Response.ok("Pinged!!!").build();
}
}
当我尝试使用注释我的方法时@RolesAllows,我收到编译错误:
@RolesAllows cannot be resolved to a type
请让我知道如何解决这个问题?这需要任何特定的罐子/ API?
编辑:
web.xml中
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>
com.security;
com.exception
</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>BasicDemo</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<!-- The realm name is typically displayed by the browser in the login …