2

我正在尝试从一个简单的客户端应用程序调用部署在 glassfish 中的安全远程 ejb,但我无法验证自己。

客户端:

    public void go() {
    try {
        Context ctx = getInitialContext();
        TestBeanRemote remote = (TestBeanRemote) ctx.lookup("java:global/ejbTest2/TestBean");
        String result = remote.testMe();
        System.out.println(result);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

private Context getInitialContext() throws NamingException, FileNotFoundException, IOException {
    Properties p = new Properties();
    InputStream stream = Runner.class.getResourceAsStream("jndi.properties");
    assert stream != null : "jndi.properties file not found";
    p.load(stream);
    return new InitialContext(p);
}

客户端上的 jndi.properties

java.naming.factory.initial = com.sun.enterprise.naming.SerialInitContextFactory
java.naming.factory.url.pkgs = com.sun.enterprise.naming
java.naming.factory.state = com.sun.corba.ee.impl.presentation.rmi.JNDIStateFactoryImpl
#optional. Defaults to localhost. Only needed if web server is running
#on a different host than the appserver
org.omg.CORBA.ORBInitialHost = localhost
#optional. Defaults to 3700. Only needed if target orb port is not 3700.
org.omg.CORBA.ORBInitialPort = 3700
java.naming.security.principal = test
java.naming.security.credentials = test

EJB

@Stateless(description = "A simple bean to learn the ins and outs of ejbs")
@DeclareRoles({ Roles.ADMIN, Roles.USER })
@RolesAllowed({})
public class TestBean implements TestBeanRemote {

    @Resource
    private SessionContext ejbContext;

    @Override
    @RolesAllowed(Roles.ADMIN)
    // @PermitAll
    public String testMe() throws Exception {
        return ejbContext.getCallerPrincipal().getName();
    }
}

太阳-ejb-jar

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
    <security-role-mapping>
        <role-name>Admin</role-name>
        <group-name>Admin</group-name> <!-- As defined in container -->
    </security-role-mapping>
    <security-role-mapping>
        <role-name>User</role-name>
        <group-name>User</group-name> <!-- As defined in container -->
    </security-role-mapping>
    <enterprise-beans />
</sun-ejb-jar>

我在管理控制台的配置>默认配置>安全>领域>文件>管理用户中添加了用户ID“测试”凭据“测试”组列表“管理员”

当我使用 PermitAll 时,这会导致包含 org.omg.CORBA.NO_PERMISSION 和 ejbContext.getCallerPrincipal().getName() 的堆栈跟踪结果为“匿名”

我在这里错过了什么?

4

1 回答 1

2

该线程很旧,但答案可能会对某人有所帮助。上下文中的主体和凭据被忽略。在查找 ejb 之前,您需要使用 ProgrammaticLogin 来访问 EJB。

System.setProperty("java.security.auth.login.config", "auth.conf");

ProgrammaticLogin pl = new ProgrammaticLogin();
pl.login("user", "password");

//Now lookup the EJB and then logout

pl.logout();

如您所见,您需要设置“java.security.auth.login.config”,它指向一个文件,while shoule 的内容是

default {
com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false; };

这表示您想使用服务器上配置的默认领域,或者您也可以通过将“默认”替换为领域名称(例如“文件”)来明确指定领域

于 2012-10-09T11:50:56.913 回答