java - 从静态方法返回 EJB 远程服务引发异常：[Security:090398]Invalid Subject

Question

我有几年的 Java 和 EJB 经验，但我仍然无法解释这个问题，尽管我已经知道修复...

拜托，谁能帮我解释一下为什么？非常感谢！

我的平台是 weblogic10.3.2 和 javaee5.0

好的，问题是当我以一种方法调用远程 EJB 时，这意味着有关 EJB 的所有内容都在一种方法中，然后就可以按预期进行。

但是当我只是从帮助类的静态方法中返回远程服务对象，并在 servlet 中调用服务时，我得到了

java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]，其中“sundan076”是用户登录Web应用程序，“V_USERNAME”是访问远程EJB服务的用户名。

正确的方法，调用方法directCall(param)。
错误的方式，调用方法staticToolCall(final Map param)。

小服务程序：

public class EJBServletClient extends HttpServlet
{
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
    {
        this.doPost(request, response);
    }

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
        IOException
{

    Context context = null;
    try
    {
        Map<String, String> param = new HashMap<String, String>();
        param.put("CTS_CUSTOMER_ID", request.getParameter("CTS_CUSTOMER_ID"));
        param.put("CTS_TASK_ID", request.getParameter("CTS_TASK_ID"));
        param.put("SERIALNO", request.getParameter("SERIALNO"));
        param.put("CUSTOMER_SERVICE_UM", request.getParameter("CUSTOMER_SERVICE_UM"));

        Thread t=Thread.currentThread();
        System.out.println("thread:"+t);

        //Map result = this.staticToolCall(param);
        Map result = this.directCall(param);

        System.out.println(result);
    } catch (Exception e)
    {
        e.printStackTrace();
        throw new ServletException(e);
    }finally
    {
        if (context != null)
        {
            try
            {
                context.close();
            } catch (NamingException e)
            {
                e.printStackTrace();
            }
        }
    }

}

private Map directCall(Map param) throws Exception
{
    Context context = null;
    try
    {
        Properties p = new Properties();
        p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
        p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        p.put(Context.SECURITY_PRINCIPAL, "V_USERNAME");
        p.put(Context.SECURITY_CREDENTIALS, "V_PASSWORD");
        context = new InitialContext(p);
        BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
                context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
        BizApplyService bizApplyService = home.create();
        return bizApplyService.modifyApplyCustomerInfo(param);
    } finally
    {
        if (context != null)
        {
            context.close();
        }
    }
}

private Map staticToolCall(final Map param) throws Exception
{
    BizApplyService bizApplyService = EJBTool.getBizApplyService();
    return bizApplyService.modifyApplyCustomerInfo(param);
}
}

助手类

public class EJBTool

{

public static BizApplyService getBizApplyService() throws Exception
{
    Context context = null;
    try
    {
        Thread t=Thread.currentThread();
        System.out.println("thread:"+t);
        Properties p = new Properties();
        p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
        p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
        p.put(Context.SECURITY_PRINCIPAL, "V_USERNAME");
        p.put(Context.SECURITY_CREDENTIALS, "V_PASSWORD");
        context = new InitialContext(p);
        BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
                context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
        return home.create();
    } finally
    {
        if (context != null)
        {
            context.close();
        }
    }
}
}

和例外：

java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at com.pingan.rcs.css.biz.service.remote.ejb.bizApplyService_u7jjbk_EOImpl_1032_WLStub.modifyApplyCustomerInfo(Unknown Source)
at com.pingan.pafax.web.EJBServletClient.staticToolCall(EJBServletClient.java:80)
at com.pingan.pafax.web.EJBServletClient.doPost(EJBServletClient.java:43)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:835)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:524)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:315)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:875)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:310)
at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1138)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1020)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:882)
at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:453)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:854)
at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)