没有可用于 sessionContext.isCallerInRole() 的角色引用的映射

发布于 2024-10-21 12:09:44 字数 3131 浏览 2 评论 0原文

我有一个方法,如果该人具有特定角色并且他们与 JIRA 中的特定组相关联,则可以调用该方法。由于 JIRA 中的组是动态的,因此我无法为每个 JIRA 组分配一个角色。

@DeclareRoles({
  FileServerRoles.FILE_ADDER,
  FileServerRoles.FILE_ADDER_ALL,
  FileServerRoles.FILE_VIEWER,
  FileServerRoles.FILE_VIEWER_ALL})
public final class FileServerRoles {

  /**
   * A user that can add files to the system.
   */
  public static final String FILE_ADDER = "file-adder";
  /**
   * A user that can add any files to the system.
   */
  public static final String FILE_ADDER_ALL = "file-adder-all";
  /**
   * A user that can view files in the system.
   */
  public static final String FILE_VIEWER = "file-viewer";
  /**
   * A user that can view all files in the system.
   */
  public static final String FILE_VIEWER_ALL = "file-viewer-all";
}

我使用 @DeclareRoles 声明所有角色。

@Decorator
public class FileServerServiceProjectAuthorizationDecorator implements FileServerService {

  private static Logger LOGGER = LoggerFactory.getLogger(FileServerServiceProjectAuthorizationDecorator.class);
  @Inject
  @Delegate
  @Any
  FileServerService delagate;
  @Inject
  @CurrentUser
  Set<JiraProjectReference> currentUserProjectReferences;
  @Resource
  SessionContext sessionContext;

  void verifyProjectKey(final String projectKey) {
    for (final JiraProjectReference projectReference : currentUserProjectReferences) {
      if (projectReference.getKey().equalsIgnoreCase(projectKey)) {
        return;
      }
    }
    throw new IllegalArgumentException("user not in the project");
  }

  @RolesAllowed({FileServerRoles.FILE_ADDER, FileServerRoles.FILE_ADDER_ALL})
  @Override
  public FileAddStatus addFileToRepository(final String projectKey, final String issueKey, final String fileName, final String mimeType, final File file) {
    if (!sessionContext.isCallerInRole(FileServerRoles.FILE_ADDER_ALL)) {
      verifyProjectKey(projectKey);
    }
    return delagate.addFileToRepository(projectKey, issueKey, fileName, mimeType, file);
  }

  @RolesAllowed({FileServerRoles.FILE_VIEWER, FileServerRoles.FILE_VIEWER_ALL})
  @Override
  public FileDescriptor retrieveFileFromRepository(final String projectKey, final String issueKey, final UUID uuid, final String fileName) {
    if (!sessionContext.isCallerInRole(FileServerRoles.FILE_VIEWER_ALL)) {
      verifyProjectKey(projectKey);
    }

    return delagate.retrieveFileFromRepository(projectKey, issueKey, uuid, fileName);
  }
}

!sessionContext.isCallerInRole(FileServerRoles.FILE_VIEWER_ALL) 总是抛出 IllegalStateException

Caused by: java.lang.IllegalStateException: No mapping available for role reference file-viewer-all
        at com.sun.ejb.containers.EJBContextImpl.isCallerInRole(EJBContextImpl.java:458)
        at edu.wvu.esd.swordfish.web.service.FileServerServiceProjectAuthorizationDecorator.retrieveFileFromRepository(FileServerServiceProjectAuthorizationDecorator.java:59)
        ... 89 more

当 @RolesAllowed 中引用的任何角色时,我都没有遇到任何问题>。我还尝试将角色声明移至 web.xml 中。谷歌上没有太多关于该错误的参考。

有人见过这个吗?你的解决方案是什么?

I have a method that can be called if the person has a specific role and they are associated with a particular group in JIRA. Since the groups in JIRA are dynamic, I can't have a role per JIRA group.

@DeclareRoles({
  FileServerRoles.FILE_ADDER,
  FileServerRoles.FILE_ADDER_ALL,
  FileServerRoles.FILE_VIEWER,
  FileServerRoles.FILE_VIEWER_ALL})
public final class FileServerRoles {

  /**
   * A user that can add files to the system.
   */
  public static final String FILE_ADDER = "file-adder";
  /**
   * A user that can add any files to the system.
   */
  public static final String FILE_ADDER_ALL = "file-adder-all";
  /**
   * A user that can view files in the system.
   */
  public static final String FILE_VIEWER = "file-viewer";
  /**
   * A user that can view all files in the system.
   */
  public static final String FILE_VIEWER_ALL = "file-viewer-all";
}

I am declaring all of the roles using @DeclareRoles.

@Decorator
public class FileServerServiceProjectAuthorizationDecorator implements FileServerService {

  private static Logger LOGGER = LoggerFactory.getLogger(FileServerServiceProjectAuthorizationDecorator.class);
  @Inject
  @Delegate
  @Any
  FileServerService delagate;
  @Inject
  @CurrentUser
  Set<JiraProjectReference> currentUserProjectReferences;
  @Resource
  SessionContext sessionContext;

  void verifyProjectKey(final String projectKey) {
    for (final JiraProjectReference projectReference : currentUserProjectReferences) {
      if (projectReference.getKey().equalsIgnoreCase(projectKey)) {
        return;
      }
    }
    throw new IllegalArgumentException("user not in the project");
  }

  @RolesAllowed({FileServerRoles.FILE_ADDER, FileServerRoles.FILE_ADDER_ALL})
  @Override
  public FileAddStatus addFileToRepository(final String projectKey, final String issueKey, final String fileName, final String mimeType, final File file) {
    if (!sessionContext.isCallerInRole(FileServerRoles.FILE_ADDER_ALL)) {
      verifyProjectKey(projectKey);
    }
    return delagate.addFileToRepository(projectKey, issueKey, fileName, mimeType, file);
  }

  @RolesAllowed({FileServerRoles.FILE_VIEWER, FileServerRoles.FILE_VIEWER_ALL})
  @Override
  public FileDescriptor retrieveFileFromRepository(final String projectKey, final String issueKey, final UUID uuid, final String fileName) {
    if (!sessionContext.isCallerInRole(FileServerRoles.FILE_VIEWER_ALL)) {
      verifyProjectKey(projectKey);
    }

    return delagate.retrieveFileFromRepository(projectKey, issueKey, uuid, fileName);
  }
}

!sessionContext.isCallerInRole(FileServerRoles.FILE_VIEWER_ALL) always throws IllegalStateException:

Caused by: java.lang.IllegalStateException: No mapping available for role reference file-viewer-all
        at com.sun.ejb.containers.EJBContextImpl.isCallerInRole(EJBContextImpl.java:458)
        at edu.wvu.esd.swordfish.web.service.FileServerServiceProjectAuthorizationDecorator.retrieveFileFromRepository(FileServerServiceProjectAuthorizationDecorator.java:59)
        ... 89 more

I have had no problem with any of the roles when that are referenced in @RolesAllowed. I have also tried moving the roles declaration into web.xml. There aren't many references to the error on google.

Has anyone seen this? What was your solution?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

简单气质女生网名 2024-10-28 12:09:44

在 GlassFish 3.1 中的 EJB 中调用 isCallerInRole(roleName) 方法时,我收到相同的“没有可用于角色引用的映射”错误。对我来说解决这个问题的方法是向我的 EJB 添加适当的 @DeclareRoles 注释。如果传递给 isCallerInRole 的角色名称不在 @DeclareRoles 中,则会抛出 IllegalStateException。我不确定装饰器中的安全性如何工作,但 @DeclareRoles 对我来说是关键。

这是一个简单的例子:

@Stateless
@LocalBean
@DeclareRoles({"user", "admin"})
public class ExampleEJB {
    @Resource
    private SessionContext sessionContext;

    public boolean isUserInRole(String roleName) {
        return sessionContext.isCallerInRole(roleName);
    }
}

I was receiving the same "No mapping available for role reference" error when calling the isCallerInRole(roleName) method within an EJB in GlassFish 3.1. What fixed it for me was adding the appropriate @DeclareRoles annotation to my EJB. If the role name passed to isCallerInRole is not in @DeclareRoles, an IllegalStateException gets thrown. I'm not sure how security works within a decorator but @DeclareRoles was the key for me.

Here is a simple example:

@Stateless
@LocalBean
@DeclareRoles({"user", "admin"})
public class ExampleEJB {
    @Resource
    private SessionContext sessionContext;

    public boolean isUserInRole(String roleName) {
        return sessionContext.isCallerInRole(roleName);
    }
}
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文