Question: security authentication with JBoss JAAS in EJB3

I have recently been studying JAAS.
I configured
jboss-web.xml:
<jboss-web>
    <security-domain>java:/jaas/iOffice</security-domain>
</jboss-web>
login-config.xml:
<application-policy name="iOffice">
    <authentication>
        <login-module code="ioffice.pub.auth.loginmodule.iOfficeLoginModule" flag="required" />
    </authentication>
</application-policy>
and the login.config file:
iOffice {
    // A properties file LoginModule that supports CallerPrincipal mapping
    org.jboss.security.ClientLoginModule required unauthenticatedIdentity=nobody;
};
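I am testing this in EJB3:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

// JNDI settings for the JBoss naming service
Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,
        "org.jnp.interfaces.NamingContextFactory");
props.put(Context.URL_PKG_PREFIXES,
        "org.jboss.naming:org.jnp.interfaces");
props.put(Context.PROVIDER_URL, "jnp://localhost:1099");

// Client-side JAAS login using the "iOffice" entry from login.config
iOfficeCallbackHandler handler = new iOfficeCallbackHandler(
        "[email protected]", "admin".toCharArray());

LoginContext lc = new LoginContext("iOffice", (CallbackHandler) handler);
lc.login();
InitialContext ctx = new InitialContext(props);

// Look up the remote interface of the secured bean
basic = (PublicBasic) ctx.lookup("PublicBasicBean/remote");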



In PublicBasicBean:
@Stateless
@Remote(PublicBasic.class)
@SecurityDomain("iOffice")
public class PublicBasicBean implements PublicBasic {
    @RolesAllowed({ "BasicUser", "DomainAdministrator", "PowerUser" })
    public java.util.Collection getPrivateContacts() {
        try {
            return xxx....
        } catch (Exception e) {

        }
    }
}
Why do I get
javax.ejb.EJBAccessException: Caller unauthorized
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:421)
at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
I hope an expert can help solve this and also explain JAAS.
