【发布时间】:2017-05-17 12:30:54
【问题描述】:
我想查看哪个用户尝试访问其各自角色不允许访问的 EJB 方法(通过 @RolesAllowed 注释)。 看来我只能看到日志中发生了Failed Permission Check(+在哪个Bean,什么方法和时间戳上),但没有谁试图调用它:
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [INFO] [] [javax.enterprise.system.core.security] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 800] [[
JACC Policy Provider: Failed Permission Check, context(SecuredAccess/SecuredAccess_EJB_jar)- permission(("javax.security.jacc.EJBMethodPermission" "WorkBean" "administrationTask,Local,"))]]
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [WARNING] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 900] [[
A system exception occurred during an invocation on EJB WorkBean, method: public java.lang.String work.WorkBean.administrationTask()]]
有什么方法可以配置 Glassfish,以便它记录调用用户的主体或至少某种会话 ID,然后我可以将其映射到特定用户?它记录每个有效方法调用的用户,但不知何故不记录被拒绝的方法。
【问题讨论】:
标签: jakarta-ee logging glassfish ejb glassfish-4.1