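JBoss AS 7, error in web service basic HTTP authentication
Problem description:
I developed an EJB-based web service in a JBoss EAP 6.1 application server. Without authentication, this service works as expected. Now I have added a basic authentication mechanism to this web service; below are the steps I performed:
I annotated my EJB (which implements the WS) in the following way: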
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ws.api.annotation.WebContext;

@Stateless
@WebService(name = "HelloWorldWS", targetNamespace = "http://my-company/ws/")
@WebContext(authMethod = "BASIC", contextRoot = "helloWS", urlPattern = "/*")
@SecurityDomain("helloworld-webservice-login")
public class HelloWorldWebService implements HelloWorldWebServiceRemote {
    @RolesAllowed({"mioruolo"})
    public String sayHello() {
        return "Hello World";
    }
}
and, accordingly, I added the helloworld-webservice-login security domain to my standalone.xml file, as follows:
<security-domain name="helloworld-webservice-login">
    <authentication>
        <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
            <module-option name="principalsQuery" value="select password from s_principals where principal_id=?"/>
            <module-option name="rolesQuery" value="select role, 'Roles' from s_roles where principal_id=?"/>
        </login-module>
    </authentication>
</security-domain>
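So, what I want is that only a user with the role named "mioruolo" can access the web service. I added the tables s_roles and s_principals to my Oracle 10g database, and I executed the two queries from the xml file in a Toad window, and both work as expected.
I call this web service with a generated JAX-WS client, and I pass the credentials in the HTTP header, on the client side, in the following way: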
bindingProvider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "federico");
bindingProvider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "passwd");
The response I get is always a 403 Forbidden status code. I checked the JBoss log file, and I saw the following lines:
14:50:40,693 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Security checking request POST /helloWS
14:50:40,694 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[HelloWorldWebService]' against POST/--> true
14:50:40,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking constraint 'SecurityConstraint[HelloWorldWebService]' against POST/--> true
14:50:40,709 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling hasUserDataPermission()
14:50:40,709 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) User data constraint has no restrictions
14:50:40,710 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling authenticate()
14:50:41,287 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Authenticated 'federico' with type 'BASIC'
14:50:41,288 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling accessControl()
14:50:41,288 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking roles GenericPrincipal[federico(mioruolo,)]
14:50:41,321 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Failed accessControl() test
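So, the authentication goes fine, but the authorization (I want to check that the user "federico" has the role "mioruolo") fails, and I can't figure out why, because the queries executed in the Toad client run without problems.
Any ideas about this error? Any help would be greatly appreciated.
Thank you very much
Regards
Answer
You have to declare the role in your HelloWorldWebService: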
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ws.api.annotation.WebContext;

@Stateless
@WebService(name = "HelloWorldWS", targetNamespace = "http://my-company/ws/")
@WebContext(authMethod = "BASIC", contextRoot = "helloWS", urlPattern = "/*")
@SecurityDomain("helloworld-webservice-login")
@javax.annotation.security.DeclareRoles({"mioruolo"})
public class HelloWorldWebService implements HelloWorldWebServiceRemote {
    @RolesAllowed({"mioruolo"})
    public String sayHello() {
        return "Hello World";
    }
}
'select role, 'Roles' from s_roles where principal_id ='. That query should not work because of the comma – kolossus
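
The debug log in the question records authentication and authorization as separate steps on the same request thread. As an added example (not part of the original question or answer), this Python script pairs the "Authenticated", "Checking roles" and "Failed accessControl()" lines per thread and reports whether the principal carried any roles when the check failed, which tells you whether to look at the login module's rolesQuery or at the role declaration on the endpoint. The function name and verdict strings are assumptions made for this example.

```python
import re

# Lines copied from the question's log: the authentication and
# access-control phase of one request on one connector thread.
SAMPLE_LOG = """\
14:50:41,287 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Authenticated 'federico' with type 'BASIC'
14:50:41,288 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Calling accessControl()
14:50:41,288 DEBUG [org.apache.catalina.realm] (http-/127.0.0.1:8080-1) Checking roles GenericPrincipal[federico(mioruolo,)]
14:50:41,321 DEBUG [org.apache.catalina.authenticator] (http-/127.0.0.1:8080-1) Failed accessControl() test
"""

LINE = re.compile(r"^(\S+) DEBUG \[([\w.]+)\] \(([^)]+)\) (.*)$")
AUTHN = re.compile(r"Authenticated '([^']*)' with type '([^']*)'")
ROLES = re.compile(r"Checking roles GenericPrincipal\[([^(\]]*)\(([^)]*)\)\]")

# Hypothetical verdict labels used only by this example.
ROLES_REJECTED = "roles loaded, rejected by constraint: check role declaration"
NO_ROLES = "no roles loaded: check rolesQuery / login module"

def triage(log_text):
    """One finding per thread where authentication succeeded but accessControl() failed."""
    state = {}      # thread name -> user, scheme and roles seen so far
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _logger, thread, msg = m.groups()
        if (a := AUTHN.search(msg)):
            state[thread] = {"user": a.group(1), "scheme": a.group(2), "roles": []}
        elif (r := ROLES.search(msg)) and thread in state:
            # GenericPrincipal prints roles as "role1,role2," (trailing comma)
            state[thread]["roles"] = [x.strip() for x in r.group(2).split(",") if x.strip()]
        elif "Failed accessControl() test" in msg and thread in state:
            s = state.pop(thread)
            verdict = ROLES_REJECTED if s["roles"] else NO_ROLES
            findings.append({"time": ts, "thread": thread, **s, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
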