为什么在TomEE上远程调用EJB时​​会出现AuthenticationException？

Question

我有一个在TomEE 7.0.3服务器上运行的ejb。顺便说一句，所有这一切都在Tomee 1.7.4工作。 我已经安装了一套使用tomcat-users.xml文件

<tomcat-users> 
    <role rolename="admin" /> 
    <role rolename="admin-gui" /> 
    <role rolename="admin-script" /> 
    <role rolename="manager" /> 
    <role rolename="manager-gui" /> 
    <role rolename="manager-script" /> 
    <role rolename="manager-jmx" /> 
    <role rolename="manager-status" /> 
    <role rolename="tomee-admin" /> 
    <user 
     name="admin" 
     password="admin" 
     roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status,tomee-admin" /> 
    <role rolename="tomcat" /> 
    <user 
     name="tomcat" 
     password="tomcat" 
     roles="tomcat" /> 
    <user 
     name="manager" 
     password="manager" 
     roles="manager" /> 
</tomcat-users> 

用户的我能够能够通过提供的凭据为用户“管理员”访问URL http://127.0.0.1/tomee/ejb。 我的server.xml文件中有以下条目

<Resource auth="Container" description="User database that can be updated and saved" 
    factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" 
    pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> 

和

<Realm className="org.apache.catalina.realm.LockOutRealm"> 
     <!-- This Realm uses the UserDatabase configured in the global JNDI resources 
      under the key "UserDatabase". Any edits that are performed against this UserDatabase 
      are immediately available for use by the Realm. --> 
     <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
      resourceName="UserDatabase" /> 
    </Realm> 

问题是，当我尝试远程调用EJB，我JNDI InitialContext的使用以下属性。

java.naming.factory.initial=org.apache.openejb.client.RemoteInitialContextFactory 
java.naming.provider.url=http://127.0.0.1:8082/tomee/ejb 
java.naming.security.principal=admin 
java.naming.security.credentials=admin 

以下是调用ejb的代码。

public static Object locateService(String serviceName) throws NamingException, IOException { 
    InputStream in = ServiceLocator.class.getClassLoader().getResourceAsStream("servicelocator.properties"); 
    Properties p = new Properties(); 
    p.load(in); 
    InitialContext ctx = new InitialContext(p); 
    return ctx.lookup("PaymentManagerRemote"); 
} 

正如你看到的，我提供正确的用户名和密码，但我得到以下异常

Apr 27, 2017 12:39:07 PM org.apache.openejb.client.EventLogger log 
INFO: RemoteInitialContextCreated{providerUri=http://127.0.0.1:8082/tomee/ejb} 
Exception in thread "main" javax.naming.AuthenticationException: Error while communicating with server: ; nested exception is: 
    javax.naming.AuthenticationException 
    at org.apache.openejb.client.JNDIContext.authenticate(JNDIContext.java:381) 
    at org.apache.openejb.client.JNDIContext.getInitialContext(JNDIContext.java:289) 
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) 
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) 
    at javax.naming.InitialContext.init(InitialContext.java:244) 
    at javax.naming.InitialContext.<init>(InitialContext.java:216) 
    at co.uk.meghdoot.core.util.ServiceLocator.locateService(ServiceLocator.java:20) 
    at co.uk.meghdoot.core.test.DeviceLocationTest.setUp(DeviceLocationTest.java:53) 
    at co.uk.meghdoot.core.test.DeviceLocationTest.main(DeviceLocationTest.java:109) 

任何人都可以阐明这一些轻？

Answer 1

使用tomcat-users.xml假定你在Server.xml中使用UserDatabaseRealm作为领域，这可能不是这种情况（没有写在你的问题中）。这也假定认证是通过servlet/tomcat骨干完成的。直到你添加了tomee webapp（你可以在物理上创建它并定义ejbd servlet - 参见http://tomee.apache.org/ejbd-transport.html - 做一个request.login（）的过滤器，默认情况下情况并非如此。

使用ejbd协议tomee会自动登录使用tomee安全服务，默认情况下依赖于server.xml的第一个领域