爲什麼在TomEE上遠程調用EJB時​​會出現AuthenticationException？

Question

我有一個在TomEE 7.0.3服務器上運行的ejb。順便說一句，所有這一切都在Tomee 1.7.4工作。 我已經安裝了一套使用tomcat-users.xml文件

<tomcat-users> 
    <role rolename="admin" /> 
    <role rolename="admin-gui" /> 
    <role rolename="admin-script" /> 
    <role rolename="manager" /> 
    <role rolename="manager-gui" /> 
    <role rolename="manager-script" /> 
    <role rolename="manager-jmx" /> 
    <role rolename="manager-status" /> 
    <role rolename="tomee-admin" /> 
    <user 
     name="admin" 
     password="admin" 
     roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status,tomee-admin" /> 
    <role rolename="tomcat" /> 
    <user 
     name="tomcat" 
     password="tomcat" 
     roles="tomcat" /> 
    <user 
     name="manager" 
     password="manager" 
     roles="manager" /> 
</tomcat-users> 

用戶的我能夠能夠通過提供的憑據爲用戶「管理員」訪問URL http://127.0.0.1/tomee/ejb。 我的server.xml文件中有以下條目

<Resource auth="Container" description="User database that can be updated and saved" 
    factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" 
    pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> 

和

<Realm className="org.apache.catalina.realm.LockOutRealm"> 
     <!-- This Realm uses the UserDatabase configured in the global JNDI resources 
      under the key "UserDatabase". Any edits that are performed against this UserDatabase 
      are immediately available for use by the Realm. --> 
     <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
      resourceName="UserDatabase" /> 
    </Realm> 

問題是，當我嘗試遠程調用EJB，我JNDI InitialContext的使用以下屬性。

java.naming.factory.initial=org.apache.openejb.client.RemoteInitialContextFactory 
java.naming.provider.url=http://127.0.0.1:8082/tomee/ejb 
java.naming.security.principal=admin 
java.naming.security.credentials=admin 

以下是調用ejb的代碼。

public static Object locateService(String serviceName) throws NamingException, IOException { 
    InputStream in = ServiceLocator.class.getClassLoader().getResourceAsStream("servicelocator.properties"); 
    Properties p = new Properties(); 
    p.load(in); 
    InitialContext ctx = new InitialContext(p); 
    return ctx.lookup("PaymentManagerRemote"); 
} 

正如你看到的，我提供正確的用戶名和密碼，但我得到以下異常

Apr 27, 2017 12:39:07 PM org.apache.openejb.client.EventLogger log 
INFO: RemoteInitialContextCreated{providerUri=http://127.0.0.1:8082/tomee/ejb} 
Exception in thread "main" javax.naming.AuthenticationException: Error while communicating with server: ; nested exception is: 
    javax.naming.AuthenticationException 
    at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:381) 
    at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:289) 
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) 
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) 
    at javax.naming.InitialContext.init(InitialContext.java:244) 
    at javax.naming.InitialContext.<init>(InitialContext.java:216) 
    at co.uk.meghdoot.core.util.ServiceLocator.locateService(ServiceLocator.java:20) 
    at co.uk.meghdoot.core.test.DeviceLocationTest.setUp(DeviceLocationTest.java:53) 
    at co.uk.meghdoot.core.test.DeviceLocationTest.main(DeviceLocationTest.java:109) 

任何人都可以闡明這一些輕？

Answer 1

使用tomcat-users.xml假定你在Server.xml中使用UserDatabaseRealm作爲領域，這可能不是這種情況（沒有寫在你的問題中）。這也假定認證是通過servlet/tomcat骨幹完成的。直到你添加了tomee webapp（你可以在物理上創建它並定義ejbd servlet - 參見http://tomee.apache.org/ejbd-transport.html - 做一個request.login（）的過濾器，默認情況下情況並非如此。

使用ejbd協議tomee會自動登錄使用tomee安全服務，默認情況下依賴於server.xml的第一個領域