不能让@RunAs在EJB中工作 [英] Can't get @RunAs to work in an EJB

问题描述

这是 websphere上的@Startup EJB的用户上下文

我有以下情况：

EJB 1：

@WebService( ... )
@Local(SomeLocalServiceType.class)
@Stateless
@RolesAllowed("SomeRole")
public class SomeServiceBean implements SomeLocalServiceType {

    ...

    @Override
    public void someMethodInSomeLocalServiceType() { ... }

    ...
}

EJB 2：

@Startup
@Singleton
@RunAs("SomeRole")
public class PIRSingletonEJB {

        @EJB
        private SomeLocalServiceType service; 

        ...

        @PostContruct
        public void performStartupAction() { 
            service.someMethodInSomeLocalServiceType();
        }

}

简而言之：我有一个EJB需要一个角色SomeRole，而启动EJB使用 @RunAs 来使用该角色。

In short: I have one EJB requiring a role "SomeRole", and a startup EJB using @RunAs to use that role.

因为了解 @RunAs 这应该可以工作。

As far I as understand @RunAs this should work.

但是，我得到以下异常（类和角色名称更改为匹配我的例子）：

However, I get the following Exception (class and role names changed to match my example):

javax.ejb.NoSuchEJBException: An error occurred during initialization of singleton session bean MY_Appl#myappl-ejb.jar#PIRSingletonEJB, resulting in the discarding of the singleton instance.; nested exception is: javax.ejb.EJBAccessException: SECJ0053E: Authorization failed for wasldaphost:389/SOMEUSER while invoking (Bean)MY_Appl#myappl-ejb.jar#SomeServiceBean someMethodInSomeLocalServiceType::3  is not granted any of the required roles: SomeRole
Caused by: javax.ejb.EJBAccessException: SECJ0053E: Authorization failed for wasldaphost:389/SOMEUSER while invoking (Bean)MY_Appl#myappl-ejb.jar#SomeServiceBean someMethodInSomeLocalServiceType::3  is not granted any of the required roles: SomeRole

这是否只是一个误解，这部分应该如何运作？

Is this just a misunderstanding on my part of how this should work?

我正在使用WebSphere 8.0.0.9

I am using WebSphere 8.0.0.9

推荐答案

你必须做两件事：

• 在管理控制台中，在用户映射的安全角色中，您必须添加 SOMEUSER to SomeRole


• 然后在 RunAs角色映射你必须指定一个特征来自SomeRole的用户（在您的情况下 SOMEUSER ），并为他提供密码。

• In the admin console, in the Security role to user mapping you have to add your SOMEUSER to SomeRole
• Then in RunAs role mapping you have to specify one particular user from the SomeRole (in your case SOMEUSER) and provide password for him.

这两个设置都是必需的，因为容器必须具有RunAs的用户名和密码，并且该用户必须是应该使用的角色的有效用户。 （你不能像角色一样运行，它必须是具有该角色的特定用户）。

Both settings are required, because container must have userid and password for the RunAs, and also that user must be valid user for the role that should be used. (You cannot run just as role, it must be a specific user that has that role).

PS。我没有手头的控制台，所以连接在控制台中可能会有所不同，但你应该得到这个想法。

PS. I don't have console at hand, so links might be called a bit differently in the console, but you should get the idea.

有关详细信息，请查看分配用户到RunAs角色

For more details check Assigning users to RunAs roles

这篇关于不能让@RunAs在EJB中工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！