我在Jboss 6中进行身份验证时遇到问题。我正在编写一个基于SOA范例的应用程序,并且已经实现了一些WebServices,例如:
@Stateless
@WebService(
name="UserService",
portName = "UserServicePort",
targetNamespace = "http://agh.edu.pl/soa"
)
@SOAPBinding(style = Style.RPC, use = Use.LITERAL)
@WebContext(authMethod="BASIC", secureWSDLAccess=false)
@SecurityDomain("gamepolicy")
public class UserServiceBean implements UserService {
@EJB
private UserDAO userDao;
private Logger logger = Logger.getLogger("GameBooker");
@WebMethod
@PermitAll()
public void registerUser(@WebParam(name = "user") User user) {
userDao.addUser(user);
}
@WebMethod
public void updateUser(@WebParam(name = "id") Long id, @WebParam(name = "user") User user) {
userDao.updateUser(id, user);
}
@WebMethod
@RolesAllowed({"admin", "manager"})
@WebResult( name = "FindUserResponse",
targetNamespace = "http://agh.edu.pl/soa")
public User findUserById(@WebParam(name = "id") Long id) {
User user = userDao.findUser(id);
return user;
}
}
我启动了应用程序服务器,并获得了该Web服务的wsdl,并使用JBossWS在Eclipse中生成了Web Service Client。 代码生成成功,这是我的客户示例:
package pl.edu.agh.user.clientsample;
import javax.xml.ws.BindingProvider;
import pl.edu.agh.user.*;
public class ClientSample {
public static void main(String[] args) {
System.out.println("***********************");
System.out.println("Create Web Service Client...");
UserServiceBeanService service1 = new UserServiceBeanService();
System.out.println("Create Web Service...");
UserService port1 = service1.getUserServicePort();
BindingProvider bp = (BindingProvider)port1;
// bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "kermit");
// bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "ebe97bf6e9c26d55a483f19af51b1085");
System.out.println("Call Web Service Operation...");
User user = new User();
user.setEmail("[email protected]");
user.setLogin("y");
user.setName("michal");
user.setSurname("kowalski");
user.setPassword("ddd");
user.setPhone("555");
port1.registerUser(user);
System.out.println("Call Over!");
}
}
这就是我的问题-当我取消对绑定提供程序的注释时-我的Web服务正常工作。 所有方法(使用@PermitAll和@RolesAllowed的方法)都可以正常工作(以防我通过BindingProvider传递正确的数据)。 但是,当我注释这些行并尝试仅运行具有@PermitAll批注的registerUser方法时,出现错误(客户端控制台:
***********************
Create Web Service Client...
log4j:WARN No appenders could be found for logger (org.apache.cxf.common.logging.LogUtils).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Create Web Service...
Call Web Service Operation...
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: Can't find input stream in message
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:146)
at $Proxy26.registerUser(Unknown Source)
at pl.edu.agh.user.clientsample.ClientSample.main(ClientSample.java:28)
Caused by: java.lang.RuntimeException: Can't find input stream in message
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:116)
at org.apache.cxf.binding.soap.interceptor.ReadHeadersInterceptor.handleMessage(ReadHeadersInterceptor.java:60)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2330)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2192)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2036)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:696)
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:255)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
... 2 more
和Jboss服务器控制台:
23:08:02,371 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
23:08:02,371 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
23:08:02,371 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /ReservationBeans/UserService
23:08:02,371 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[UserServiceBean]' against GET /UserService --> false
23:08:02,372 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[GameServiceBean]' against GET /UserService --> false
23:08:02,372 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
23:08:02,372 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=null
23:08:02,372 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
23:08:02,372 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
23:08:02,375 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
23:08:02,376 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
23:08:02,376 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, caller=null
23:08:02,376 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
23:08:02,793 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
23:08:02,793 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
23:08:02,793 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /ReservationBeans/UserService
23:08:02,793 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[UserServiceBean]' against POST /UserService --> true
23:08:02,793 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[GameServiceBean]' against POST /UserService --> false
23:08:02,793 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
23:08:02,793 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
23:08:02,794 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
23:08:02,794 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
23:08:02,794 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
23:08:02,794 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
我认为jboss中的login-config.xml文件已正确配置:
<application-policy name="gamepolicy">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option name="dsJndiName">java:/MySQLGameBookerDS</module-option>
<module-option name="principalsQuery">
select password from users where login=?
</module-option>
<module-option name="rolesQuery">
select userType,'Roles' from roles join user_roles on id=role_id join users u on u.id=user_id where login=?
</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">base64</module-option>
<module-option name="hashCharset">UTF-8</module-option>
<module-option name="debug">true</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
为什么即使使用@PermitAll,并且将unauthenticatedIdentity指定为匿名我也无法运行我的web方法? 当我通过绑定传递正确的数据时,方法可以正常工作。 我进行了测试,并在未注释的情况下运行了绑定,但是当我传递空字符串作为参数时,客户端控制台上的结果是相同的错误,但是在服务器控制台上却显示:
00:14:01,586 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
00:14:01,586 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
00:14:01,586 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /ReservationBeans/UserService
00:14:01,586 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[UserServiceBean]' against GET /UserService --> false
00:14:01,586 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[GameServiceBean]' against GET /UserService --> false
00:14:01,587 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
00:14:01,587 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=null
00:14:01,587 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
00:14:01,587 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
00:14:01,591 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
00:14:01,591 TRACE [org.jboss.web.tomcat.security.RunAsListener] UserServiceBean, runAs: null
00:14:01,591 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, caller=null
00:14:01,591 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
00:14:02,029 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
00:14:02,029 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
00:14:02,029 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /ReservationBeans/UserService
00:14:02,029 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[UserServiceBean]' against POST /UserService --> true
00:14:02,029 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[GameServiceBean]' against POST /UserService --> false
00:14:02,029 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
00:14:02,029 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
00:14:02,029 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
00:14:02,029 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
00:14:02,030 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamepolicy] Begin isValid, principal:, cache info: null
00:14:02,030 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamepolicy] defaultLogin, principal=
00:14:02,030 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(gamepolicy), size=12
00:14:02,030 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(gamepolicy), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=hashCharset, value=UTF-8
name=hashAlgorithm, value=MD5
name=principalsQuery, value=select password from users where login=?
name=unauthenticatedIdentity, value=anonymous
name=hashEncoding, value=base64
name=debug, value=true
name=dsJndiName, value=java:/MySQLGameBookerDS
name=rolesQuery, value=select userType,'Roles' from roles join user_roles on id=role_id join users u on u.id=user_id where login=?
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: gamepolicy
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=anonymous
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Password hashing activated: algorithm = MD5, encoding = base64, charset = UTF-8, callback = null, storeCallback = null
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/MySQLGameBookerDS
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select password from users where login=?
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select userType,'Roles' from roles join user_roles on id=role_id join users u on u.id=user_id where login=?
00:14:02,030 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
00:14:02,031 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
00:14:02,031 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
00:14:03,557 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select password from users where login=?, with username:
00:14:03,686 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
00:14:03,687 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
00:14:03,687 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
00:14:03,687 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamepolicy] Login failure: javax.security.auth.login.FailedLoginException: No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:184) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) [:3.0.0.CR2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_32]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_32]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [:1.6.0_32]
at java.lang.reflect.Method.invoke(Unknown Source) [:1.6.0_32]
at javax.security.auth.login.LoginContext.invoke(Unknown Source) [:1.6.0_32]
at javax.security.auth.login.LoginContext.access$000(Unknown Source) [:1.6.0_32]
at javax.security.auth.login.LoginContext$4.run(Unknown Source) [:1.6.0_32]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_32]
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) [:1.6.0_32]
at javax.security.auth.login.LoginContext.login(Unknown Source) [:1.6.0_32]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553) [:3.0.0.CR2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487) [:3.0.0.CR2]
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365) [:3.0.0.CR2]
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160) [:6.1.0.Final]
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399) [:6.1.0.Final]
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [:6.1.0.Final]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.event(CatalinaContext.java:285) [:1.1.0.Final]
at org.jboss.modcluster.catalina.CatalinaContext$RequestListenerValve.invoke(CatalinaContext.java:261) [:1.1.0.Final]
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [:6.1.0.Final]
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [:6.1.0.Final]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
at java.lang.Thread.run(Unknown Source) [:1.6.0_32]
00:14:03,688 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamepolicy] End isValid, false
00:14:03,688 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
00:14:03,688 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
你能告诉我我在做什么错吗?