问题:
如何在EE7 Rest应用程序中启用Java身份验证/授权?获取“客户端未授权进行此调用”
郝冥夜
一段时间以来,我一直在撞墙,试图使用注释在JavaEE7 REST应用程序上启用身份验证/授权。无论我多么努力,我都会收到这个错误:
[2014-06-06T10:25:35.051+0200] [glassfish 4.0] [WARNING] [] [javax.enterprise.system.container.ejb.com.sun.ejb.containers] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135051] [levelValue: 900] [[
javax.ejb.AccessLocalException: Client not authorized for this invocation
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1895)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at com.sun.proxy.$Proxy453.findAll(Unknown Source)
at se.tonttu.triagebackend.service.__EJB31_Generated__CategoryFacadeREST__Intf____Bean__.findAll(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:323)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
]]
经过一些谷歌搜索,我发现人们建议删除glassfish/domains/domain1/生成的/策略文件夹,但这没有效果。我还将日志记录级别设置为FINE,它提供了这个相关的日志条目:
[2014-06-06T10:25:35.041+0200] [glassfish 4.0] [FINE] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135041] [levelValue: 500] [CLASSNAME: com.sun.enterprise.security.provider.BasePolicyWrapper] [METHODNAME: doImplies] [[
JACC Policy Provider, failed Permission Check at :
java.lang.Exception
at com.sun.enterprise.security.provider.BasePolicyWrapper.doImplies(BasePolicyWrapper.java:408)
at com.sun.enterprise.security.provider.BasePolicyWrapper.implies(BasePolicyWrapper.java:250)
at org.glassfish.ejb.security.application.EJBSecurityManager.authorize(EJBSecurityManager.java:761)
at com.sun.ejb.containers.BaseContainer.authorize(BaseContainer.java:2324)
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1894)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:210)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at com.sun.proxy.$Proxy453.findAll(Unknown Source)
at se.tonttu.triagebackend.service.__EJB31_Generated__CategoryFacadeREST__Intf____Bean__.findAll(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:125)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:152)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:91)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:346)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:341)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:101)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:224)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:198)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:946)
at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:323)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:372)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:335)
at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:218)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:318)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:357)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:260)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:188)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
at java.lang.Thread.run(Thread.java:745)
]]
[2014-06-06T10:25:35.044+0200] [glassfish 4.0] [INFO] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135044] [levelValue: 800] [[
JACC Policy Provider: Failed Permission Check, context(triagebackend/triagebackend_internal)- permission(("javax.security.jacc.EJBMethodPermission" "CategoryFacadeREST" "findAll,Local,"))]]
除此之外:
[2014-06-06T10:25:35.048+0200] [glassfish 4.0] [FINE] [] [javax.enterprise.system.core.security] [tid: _ThreadID=25 _ThreadName=http-listener-2(2)] [timeMillis: 1402043135048] [levelValue: 500] [CLASSNAME: com.sun.enterprise.security.provider.BasePolicyWrapper$2] [METHODNAME: run] [[
Domain that failed(ProtectionDomain (file:/triagebackend/triagebackend_internal <no signer certificates>)
null
<no principals>
java.security.Permissions@1dacedc (
("java.security.SecurityPermission" "getProperty.package.definition")
("java.util.PropertyPermission" "java.specification.version" "read")
("java.util.PropertyPermission" "java.version" "read")
("java.util.PropertyPermission" "os.arch" "read")
("java.util.PropertyPermission" "java.specification.vendor" "read")
("java.util.PropertyPermission" "java.vm.specification.name" "read")
("java.util.PropertyPermission" "*" "read,write")
("java.util.PropertyPermission" "java.vm.vendor" "read")
("java.util.PropertyPermission" "path.separator" "read")
("java.util.PropertyPermission" "os.version" "read")
("java.util.PropertyPermission" "file.separator" "read")
("java.util.PropertyPermission" "line.separator" "read")
("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
("java.util.PropertyPermission" "java.specification.name" "read")
("java.util.PropertyPermission" "java.vendor.url" "read")
("java.util.PropertyPermission" "java.vendor" "read")
("java.util.PropertyPermission" "java.vm.version" "read")
("java.util.PropertyPermission" "java.vm.name" "read")
("java.util.PropertyPermission" "java.vm.specification.version" "read")
("java.util.PropertyPermission" "os.name" "read")
("java.util.PropertyPermission" "java.class.version" "read")
("java.net.SocketPermission" "localhost:0" "listen,resolve")
("java.net.SocketPermission" "*" "connect,resolve")
(unresolved javax.security.jacc.EJBMethodPermission MaincategoryFacadeREST count,Local,)
(unresolved javax.security.jacc.EJBMethodPermission Ksh97FacadeREST remove,Local,java.lang.Object)
(unresolved javax.security.jacc.EJBMethodPermission SolutionFacadeREST remove,Local,java.lang.Object)
*****[I've removed a lot of similar log entries here]*****
(unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
(unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
("java.io.SerializablePermission" "enableSubstitution")
("java.lang.RuntimePermission" "modifyThreadGroup")
("java.lang.RuntimePermission" "getProtectionDomain")
("java.lang.RuntimePermission" "queuePrintJob")
("java.lang.RuntimePermission" "loadLibrary.*")
("java.lang.RuntimePermission" "accessDeclaredMembers")
("java.lang.RuntimePermission" "getClassLoader")
("java.lang.RuntimePermission" "closeClassLoader")
("java.lang.RuntimePermission" "stopThread")
("java.lang.RuntimePermission" "setContextClassLoader")
("javax.management.MBeanTrustPermission" "register")
("javax.management.MBeanPermission" "[com.sun.messaging.jms.*:*]" "*")
("java.io.FilePermission" "/tmp/-" "delete")
("java.io.FilePermission" "/home/kalle/glassfish-4.0/glassfish/domains/domain1/lib/databases/-" "delete")
("java.io.FilePermission" "<<ALL FILES>>" "read,write")
("javax.security.auth.PrivateCredentialPermission" "javax.resource.spi.security.PasswordCredential * "*"" "read")
)
到目前为止,我只尝试在一个入口点实现它,代码就是这样的。首先,我声明角色“users”(与glassfish服务器上的组名相同),然后RolesAllowed进一步使用该角色。所有其他API调用都保持不变,并保持正常工作。
@Stateless
@DeclareRoles({"users"})
@Path(Category.PATH)
public class CategoryFacadeREST extends AbstractFacade<Category> {
@PersistenceContext(unitName = "se.tonttu_triagebackend_war_1.0PU")
private EntityManager em;
public CategoryFacadeREST() {
super(Category.class);
}
@GET
@RolesAllowed("users")
@Override
@Produces({"application/json"})
public Response findAll() {
return super.findAll();
}
@Override
protected EntityManager getEntityManager() {
return em;
}
在Glassfish中,我在服务器的“文件”域中添加了两个用户,这也是默认域。
我曾尝试在HTTP和HTTPS上运行它,并使用基本身份验证(在Chrome中使用Postman扩展),但没有任何区别。
我甚至尝试删除注释并通过web.xml启用授权,遵循本指南https://blogs.oracle.com/bobby/entry/simplified_security_role_mapping,但这根本没用。
我想我错过了一些非常基本的东西,但我真的不知道是什么。任何帮助都将不胜感激,因为进一步的谷歌搜索没有提供任何帮助。
共有1个答案
史超英
最后,我放弃了使用注释安全性,转而使用web。xml。原因是网络。xml不起作用是因为我忘记了包含URL的资源部分,也就是说,我错误地试图保护/category,而不是/api/category(默认情况下,Netbeans将其设置为/resources,但我已将其更改为/api)。
如果有人设法找出这样做的注释方式,那么一定要启发我们,因为我相信除了我之外的其他人也遇到过类似的问题。
类似资料:
-
我正在制作一个需要firebase身份验证的应用程序,但收到一个错误。 “此应用未被授权使用Firebase身份验证。 > sha-1是正确的 项目包是正确的 项目已连接到firebase 依赖项设置正确 电话身份验证已启用 还有一件事,我只收到这个错误,当我从Playstore下载的应用程序,当我从Android Studio安装它的应用程序工作正常。.
-
我已经将我的项目从Firebase sdk版本5.4.4升级到了unity版本2018.4.14F1中的Firebase sdk版本6.8.0。我已将所有必需的“DotNet3”unity包导入到我的项目中,并进行了构建,但出现错误:“此应用程序未被授权使用Firebase身份验证。请验证Firebase控制台中配置了正确的包名称和SHA-1。[应用程序验证失败]”。然后,我再次为我的密钥库生成了
-
null 事实上,当我在一个真实的设备上运行该应用程序时,它运行得很好,我可以登录。
-
我开发了夸库斯应用程序。我正在尝试通过LDAP服务器对Rest调用的endpoint进行身份验证。要求是,如果用户想要访问endpoint之前,它通过Active Directory对用户所属的组织进行身份验证。如果他属于并获得成功,那么它应该为用户授权。 有谁能帮上忙吗?Quarkus在Java的应用如何进行认证。 我已经介绍了https://quarkus.io/guides/security
-
null 事实上,当我在真正的设备上运行应用程序时,它运行得非常完美,我可以登录。
-
OAuth2 JWT 配置文件引入了将 JWT 用作授权授予和客户端身份验证的可能性。 JWT客户端身份验证功能独立于特定的授权类型,并且可以与任何授权类型一起使用,也可以与客户端凭据授权一起使用。 但是,使用 JWT 授权类型似乎与将客户端凭据授予与 JWT 客户端身份验证结合使用完全相同,只是语法略有不同。 在这两种情况下,客户端都会联系令牌终结点以获取访问令牌: vs