0
我想看看哪個用戶試圖訪問不允許他的角色(通過@RolesAllowed註釋)的EJB方法。 看來我只能看到一個失敗的權限檢查在日誌中發生(+上豆,有什麼方法和時間戳),而不是試圖把它叫做:Glassfish日誌用戶失敗的權限檢查
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [INFO] [] [javax.enterprise.system.core.security] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 800] [[
JACC Policy Provider: Failed Permission Check, context(SecuredAccess/SecuredAccess_EJB_jar)- permission(("javax.security.jacc.EJBMethodPermission" "WorkBean" "administrationTask,Local,"))]]
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [WARNING] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 900] [[
A system exception occurred during an invocation on EJB WorkBean, method: public java.lang.String work.WorkBean.administrationTask()]]
有什麼辦法來配置Glassfish,以便它記錄主叫用戶的主體或至少某種類型的會話ID,然後我可以映射到特定用戶?它記錄每個有效方法調用的用戶,但不知道如何拒絕。