I am migrating a WebLogic application to JBoss EAP 7.1.
But when I call my API from the browser, I get an exception:
WFLYEJB0364: Invocation on method: public abstract java.util.List com.medtronic.diabetes.carelink.hcp.service.UserService.getCountryLanguages(java.lang.String,com.medtronic.diabetes.carelink.hcp.persistence.model.ApplicationType) of bean: UserServiceImpl is not allowed
UserService method signature:
@PermitAll
List<LanguageDefinitionItemDto> getCountryLanguages(String countryCode, ApplicationType type);
In weblogic.xml, I have these security settings:
<security-role-assignment>
<role-name>admin</role-name>
<principal-name>adminGroup</principal-name>
</security-role-assignment>
<security-role-assignment>
<role-name>user</role-name>
<principal-name>userGroup</principal-name>
</security-role-assignment>
<!-- session configuration -->
<session-descriptor>
<cookie-secure> true </cookie-secure>
<persistent-store-type> replicated_if_clustered </persistent-store-type>
<cookie-http-only> false </cookie-http-only>
<url-rewriting-enabled> false </url-rewriting-enabled>
<timeout-secs> 1800 </timeout-secs>
</session-descriptor>
In standalone-full.xml, I have a login module from another EAR. Do I need to add a RoleMappingLoginModule?
<security-domain name="mySecurityDomain" cache-type="default">
<authentication>
<login-module code="Database" flag="required">
<module-option name="dsJndiName" value="java:/jdbc/powds"/>
<module-option name="principalsQuery" value="SELECT password FROM DDMS_ACCOUNT WHERE user_name = ?"/>
<module-option name="rolesQuery" value="SELECT group_name, 'Roles' FROM DDMS_ACCOUNT_GRP_ASSOC WHERE user_name = ?"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
Please help me port this configuration to JBoss EAP 7.1.0.
I tried adding this to web.xml, but it did not help:
<security-role>
<role-name>admin</role-name>
</security-role>
<security-role>
<role-name>user</role-name>
</security-role>
jboss server.log
Principal: anonymous
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=2.0];Action=authorization;Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;policyRegistration=null;Exception:=PBOX00017: Access denied: authorization failed ;
2019-12-17 10:59:59,177 TRACE [org.jboss.security] (default task-7) PBOX00354: Setting security roles ThreadLocal: null
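If I remove the @PermitAll annotation, it still does not work.
Finally, please explain to me what this security-role is for and why it is needed? Do I need to add this admin and user to the JBoss security ApplicationRealm?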
<default-missing-method-permissions-deny-access value="false"/>
This works. But will it have negative effects?
Removing the config <default-security-domain value="other"/> in standalone-full.xml helped me.
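
As an added example, not part of the original post: a small Python audit of the weblogic.xml being ported, which lists which principal carries which role (the group-to-role mapping that the JBoss side would have to reproduce) and flags session-descriptor values that weaken cookie protection. The root element, its namespace, and the names `audit` and `local` are assumptions; the sample document is constructed from the fragments in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the weblogic.xml fragments from the post under an assumed root element.
WEBLOGIC_XML = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <security-role-assignment>
    <role-name>admin</role-name>
    <principal-name>adminGroup</principal-name>
  </security-role-assignment>
  <security-role-assignment>
    <role-name>user</role-name>
    <principal-name>userGroup</principal-name>
  </security-role-assignment>
  <session-descriptor>
    <cookie-secure> true </cookie-secure>
    <cookie-http-only> false </cookie-http-only>
    <url-rewriting-enabled> false </url-rewriting-enabled>
    <timeout-secs> 1800 </timeout-secs>
  </session-descriptor>
</weblogic-web-app>"""

def local(tag):  # strip any XML namespace so files with or without xmlns both work
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (principal -> roles, session timeout in minutes, risky session settings)."""
    root = ET.fromstring(xml_text)
    mapping, session = {}, {}
    for el in root.iter():
        if local(el.tag) == "security-role-assignment":
            # Values in the post are padded with spaces, so strip every text node.
            kids = [(local(c.tag), (c.text or "").strip()) for c in el]
            role = next(v for k, v in kids if k == "role-name")
            for k, v in kids:
                if k == "principal-name":
                    mapping.setdefault(v, []).append(role)
        elif local(el.tag) == "session-descriptor":
            session = {local(c.tag): (c.text or "").strip() for c in el}
    # Explicit values that expose the session id to scripts, plain HTTP, or URLs.
    risky = {"cookie-http-only": "false", "cookie-secure": "false",
             "url-rewriting-enabled": "true"}
    findings = [f"{k}={v}" for k, v in session.items() if risky.get(k) == v.lower()]
    timeout_min = int(session["timeout-secs"]) // 60 if "timeout-secs" in session else None
    return mapping, timeout_min, findings

if __name__ == "__main__":
    mapping, timeout_min, findings = audit(WEBLOGIC_XML)
    print(mapping, timeout_min, *findings, sep="\n")
```

On the configuration shown in the post, the only flagged setting is `cookie-http-only=false`, and the 1800-second timeout corresponds to 30 minutes.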