使用来自JAX-RS Web服务的安全EJB [英] Using a secured EJB from a JAX-RS web service
问题描述
我正在运行Glassfish 4和Jersey作为JAX-RS实现。我已经像这样保护了我的EJB:
I'm running Glassfish 4 and Jersey as JAX-RS implementation. I have secured my EJB like this:
@Stateless
@DeclareRoles({"Authentication_Reader"})
@RolesAllowed({"Authentication_Reader"})
public class AuthenticationServiceBean {
public void foo() {
...
}
}
我在glassfish-web中创建了一个安全角色映射条目。 xml,我还在web.xml中创建了一个安全角色声明。
I have created a security-role-mapping entry in glassfish-web.xml, and I've also created a security-role declaration in web.xml.
以下是servlet的工作原理:
The following works from a servlet:
@WebServlet(name = "TestServlet", urlPatterns = {"/test.do"})
@RunAs("Authentication_Reader")
public class TestServlet extends HttpServlet {
@Inject
private AuthenticationServiceBean authenticationService;
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
authenticationService.foo();
.. etc ...
}
}
但是如果我从JAX-RS资源中执行此操作,例如:
But if I do it from a JAX-RS resource, such as this one:
@RequestScoped
@RunAs("Authentication_Reader")
@Path("test")
public class TestResource {
@Inject
private AuthenticationServiceBean authenticationServiceBean;
@GET
public String test() {
int x = 123; // This code executes fine
authenticationServiceBean.foo(); // This gets an AccessLocalException
return "I never returned this";
}
}
Glassfish服务器日志基本上说:javax.ejb。 AccessLocalException:未授权此调用的客户端
The Glassfish server log basically says: javax.ejb.AccessLocalException: Client not authorized for this invocation
我不明白为什么这适用于servlet,而不适用于REST资源。对我来说,这似乎应该可以正常工作。
I don't understand why this works for a servlet, and not for the REST resource. To me, this seems like it should work just fine.
推荐答案
如果你改变 TestResource
是EJB,如果使用 @EJB
注入 AuthenticationServiceBean
,它应该可以工作。
If you change TestResource
to be EJB and if you inject AuthenticationServiceBean
using @EJB
it should work.
您可以查看 jersey-ejb 例子。还有 jersey-gf-ejb 集成模块,用于在Glassfish AS上使用EJB。具体是 Jersey ,JAX-RS不支持将EJB注入到Resource类中。
You can look at jersey-ejb example. And there is also jersey-gf-ejb integration module to be used to use EJBs on Glassfish AS. This is Jersey specific, JAX-RS does not support to inject EJB into Resource class yet.
这篇关于使用来自JAX-RS Web服务的安全EJB的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!