調用遠程ejb返回使用Wildfly的無效用戶9.0.1

Question

如果我在wildfly中使用默認安全域設置，我可以成功調用遠程EJB。我來賓這個安全域沒有檢查任何用戶憑證。在實現或使用檢查數據庫中的用戶名和密碼的安全域後，我遇到下面的異常。

我找不出我缺少的東西。我希望這裏有人能指出我正確的方向。

例外：

Exception in thread "main" javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User 
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:69) 
at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) 
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:97) 
... 

的JBoss-ejb3.xml：

<jboss:jboss 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:jboss="http://www.jboss.com/xml/ns/javaee" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:s="urn:security:1.1" 
    version="3.1" impl-version="2.0"> 

<assembly-descriptor> 
    <s:security> 
     <!-- Even wildcard * is supported --> 
     <ejb-name>*</ejb-name> 
     <!-- Name of the security domain which is configured in the EJB3 subsystem --> 
     <s:security-domain>ejb-database-policy</s:security-domain> 
    </s:security> 
</assembly-descriptor> 

standalone.xml

<security-domain name="ejb-database-policy" cache-type="default"> 
    <authentication> 
     <login-module code="Database" flag="required"> 
      <module-option name="dsJndiName" value="java:/jdbc/mysqlds"/> 
      <module-option name="principalsQuery" value="SELECT user_password FROM app_user WHERE username=?"/> 
      <module-option name="rolesQuery" value="SELECT role, 'Roles' FROM user_role WHERE username=?"/> 
      <module-option name="hashAlgorithm" value="SHA-256"/> 
      <module-option name="hashEncoding" value="base64"/> 
      <module-option name="unauthenticatedIdentity" value="guest"/> 
     </login-module> 
    </authentication> 
</security-domain> 

TestRemote.java

public class TestRemote { 
public static void main(String[] args) { 
    new TestRemote().exec(); 
} 

public void exec() { 
    try { 
     Hashtable prop = new Hashtable(); 
     prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory"); 
     prop.put(Context.PROVIDER_URL, "http-remoting://127.0.0.1:8080"); 
     prop.put(Context.SECURITY_PRINCIPAL, "anonymous"); 
     prop.put(Context.SECURITY_CREDENTIALS, "admin"); 

     prop.put("jboss.naming.client.ejb.context", true); 

     Context context = new InitialContext(prop); 

     final String ejb = "/MyAppEar/MyAppEjb//UserBean!com.test.controller.UserBeanRemote"; 
     UserBeanRemote bean = (UserBeanRemote)context.lookup(ejb); 


     List<AppUser> users = bean.getUserList(null, 0, 0); 
     if(users != null) { 
      for(AppUser user: users) { 
       System.out.println("UserID: " + user.getUserId() + ", username:" + user.getUsername()); 
      }    
     } else { 
      System.out.println("User list is empty"); 
     } 

    } catch(NamingException e) { 
     e.printStackTrace(); 
    } 
} 
} 

感謝， 貝爾

Answer 1

問題解決了。

下面是我做的附加步驟/設置。

1）在standalone.xml中，我將ApplicationRealm認證更改爲JAAS。

<security-realm name="ApplicationRealm"> 
    <authentication> 
     <jaas name="ejb-database-policy"/> 
    </authentication> 
    <authorization> 
     <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> 
    </authorization> 
</security-realm> 

2）在TestRemote.java，我添加prop.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");

那它。

謝謝，貝爾