Deltaspike和@Stateless Bean [英] Deltaspike and @Stateless Bean
问题描述
我希望使用DeltaSpike-API保护我的无状态EJb。
I want to secure my "Stateless" EJb with the DeltaSpike-API.
@Stateless
@Remote(UserServiceRemote.class)
public class UserService implements UserServiceRemote
在方法级别我有一个自定义注释支持
At method level i have a custom annotation "Support"
@Support
public void doSomething() {}
因此我写了一个自定义注释@Support:
Therefore i wrote a custom annotation "@Support":
@Retention(value = RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE, ElementType.METHOD })
@Documented
@SecurityBindingType
public @interface Support {
我的自定义授权程序如下:
My custom Authorizer looks like:
@Secures
@Support
public boolean doAdminCheck(Identity identity, IdentityManager identityManager, RelationshipManager relationshipManager)
throws Exception {
return hasRole(relationshipManager, identity.getAccount(), getRole(identityManager, "Support"));
}
在我的beans.xml文件中,我包括:
In my "beans.xml" file i included:
<interceptors>
<class>org.apache.deltaspike.security.impl.extension.SecurityInterceptor</class>
</interceptors>
但在我登录我的应用程序并在每次远程调用doSomething方法后调用支持无论我是否有角色,都会忽略注释。
But after i log in my application and call the "doSomething" method per remote call the "Support" annotation is ignored, no matter if I have the role or not.
我做错了什么?所有建议都是完全的!
What I'm doing wrong? Thanx for all suggestions!!!
推荐答案
Ejb和CDI是两个不同的概念。无状态会话bean和托管CDI bean由不同的容器管理。所以你不能在无状态会话bean上使用Deltaspike。
如果您想使用deltaspike安全性,请改用命名bean并使用不同的远程处理策略。
Ejb and CDI are two different concepts. A stateless session bean and a managed CDI bean are managed by different containers. So you cannot use Deltaspike on a stateless session bean. If you want to use deltaspike security, use a named bean instead and use a different remoting strategy.
这篇关于Deltaspike和@Stateless Bean的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!