0
我想看看哪个用户试图访问不允许他的角色(通过@RolesAllowed注释)的EJB方法。 看来我只能看到一个失败的权限检查在日志中发生(+上豆,有什么方法和时间戳),而不是试图把它叫做:Glassfish日志用户失败的权限检查
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [INFO] [] [javax.enterprise.system.core.security] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 800] [[
JACC Policy Provider: Failed Permission Check, context(SecuredAccess/SecuredAccess_EJB_jar)- permission(("javax.security.jacc.EJBMethodPermission" "WorkBean" "administrationTask,Local,"))]]
[2016-12-15T17:48:36.061+0100] [glassfish 4.1] [WARNING] [AS-EJB-00056] [javax.enterprise.ejb.container] [tid: _ThreadID=96 _ThreadName=http-listener-1(4)] [timeMillis: 1481820516061] [levelValue: 900] [[
A system exception occurred during an invocation on EJB WorkBean, method: public java.lang.String work.WorkBean.administrationTask()]]
有什么办法来配置Glassfish,以便它记录主叫用户的主体或至少某种类型的会话ID,然后我可以映射到特定用户?它记录每个有效方法调用的用户,但不知道如何拒绝。