我目前正在将我的容器从 JBoss AS 7 更新到 Wildfly 10。迁移进展顺利,除了 Deltaspike 集成。在 JBoss AS 7 AS 下,一切都按预期工作,我只需要创建自定义 SecurityBindingTypes 和 SecurityParameterBindings。当我尝试在 Wildfly 10 下执行相同的代码时,我收到以下错误:
原因:java.lang.IllegalStateException:查找授权方方法 bean 的异常 - 在 org.apache.deltaspike.security.impl.extension.Authorizer 中找不到方法 [class com.mimeya.deb.security.CustomAuthorizer.doSecuredComplianceReportReadAccessCheckForUnitId] 的 bean。 org.apache.deltaspike.security.impl.extension.Authorizer.authorize(Authorizer.java:174) 的lazyInitTargetBean(Authorizer.java:215) org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.invokeBeforeMethodInvocationAuthorizers(DefaultSecurityStrategy. java:80) 在 org.apache.deltaspike.security.impl.extension.DefaultSecurityStrategy.execute(DefaultSecurityStrategy.java:62) 在 org.apache.deltaspike.security.impl.extension.SecurityInterceptor.filterDeniedInvocations(SecurityInterceptor.java:44)在 sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 在 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) 在 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 在 java.lang.reflect.Method.invoke(Method. java:498) 在 org.jboss.weld.interceptor.proxy.WeldInvocationContext.invokeNext(WeldInvocationContext.java:83) 在 org.jboss.weld.interceptor.reader.SimpleInterceptorInvocation$SimpleMethodInvocation.invoke(SimpleInterceptorInvocation.java:74) 在 org .jboss.weld.interceptor.proxy.WeldInvocationContext.proceed(WeldInvocationContext.java:115) 在 org.jboss.weld.bean.InterceptorImpl.intercept(InterceptorImpl.java:108) 在 org.jboss.as.weld.ejb.DelegatingInterceptorInvocationContext .proceed(DelegatingInterceptorInvocationContext.java:77) 在 org。jboss.as.weld.ejb.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:68) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:80) at org.jboss.as.weld.ejb。 Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340 ) 在 org.jboss.as.jpa 的 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 的 org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)。拦截器.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke (AbstractEJBRequestScopeActivationInterceptor.java:64) 在 org.jboss.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在 org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)。 as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)在组织。jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor. java:52) 在 org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) 在 org.jboss.invocation 的 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) .InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275) ... 144 更多processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org .jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) 在 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在 org.jboss.as.ejb3.tx.CMTTxInterceptor .invokeInOurTx(CMTTxInterceptor.java:275) ... 144 更多processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org .jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) 在 org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) 在 org.jboss.as.ejb3.tx.CMTTxInterceptor .invokeInOurTx(CMTTxInterceptor.java:275) ... 144 更多PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275) .. . 144 更多PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275) .. . 144 更多
作为参考,这是我们自定义的 SecurityBindingType:
@Retention(value = RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD})
@Documented
@SecurityBindingType
public @interface CustomSecurityBinding {}
这是我们自定义的 SecurityParameterBindings 之一:
@Retention(value = RetentionPolicy.RUNTIME)
@Target(value={ElementType.PARAMETER})
@Documented
@SecurityParameterBinding
public @interface SecureComplianceReportReadAccessUnit {}
这是我正在调用的方法之一的示例:
@Secures
@CustomSecurityBinding
public boolean doSecuredComplianceReportReadAccessCheckForUnit(@SecureComplianceReportReadAccessUnit Unit unit) throws Exception {
COMPONENT component = COMPONENT.COMPLIANCE_REPORTS;
int permission = UserPermission.READ_ACCESS;
return manageSecurityBean.canUserPerformAction(userSessionBean.getUserAccess(), component.getDatabaseId(), permission, -1, -1, -1, unitId);
}
我一直在阅读一堆文档,但无济于事。我查看了快速入门指南 ( https://github.com/wildfly/quickstart/tree/10.x/deltaspike-authorization)、JBoss开发者论坛和 Deltaspike 源代码本身。任何帮助或尝试的想法将不胜感激。谢谢你。