Wildfly ContextService并发securityIdentity为null

本文介绍了Wildfly ContextService并发securityIdentity为null的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试通过队列发送对象。该对象包装在ContextService的createContextualProxy中。但是，如果我打开对象，则securityIdentity为null。该对象是正确的代理。

发件人：

  @Resource （name = DefaultContextService）
 private ContextService cs; 
 
 public void sendMessage（）{
 ObjectMessage objectMessage = context.createObjectMessage（）; 
 objectMessage.setObject（（Serializable）cs.createContextualProxy（< ObjectToSend> ;, 
 Runnable.class））; 
 context.createProducer（）。send（queue，objectMessage）; 
}

收件人：

  ObjectMessage消息=（ObjectMessage）消息; 
 Runnable myObject =（可运行）message.getObject（）; 
 myObject.run（）;

可运行的myObject是一个代理。但是securityIdentity = null。

唯一的方法是将用户的安全身份直接合并到要发送的对象中。

安全上下文信息不是保留在上下文代理中，因为WildFly（最高15.0.1）已损坏。

JMS要求ObjectMessage有效负载是可序列化的。但是安全身份对象保留在代理中（对象）不可序列化，因此声明为 transient 在代理实现。

因此，它在随后的JMS消息序列化/反序列化过程中无法生存。。

有一个旧的已经关闭，但是我知道从那以后安全实现已被完全替换...

I am trying to send an object over a queue. The object is wrapped in the createContextualProxy of the ContextService. But if I am unwrap the object, the securityIdentity is null. The object is a correct Proxy.

Sender:

@Resource(name = "DefaultContextService")
private ContextService cs;

public void sendMessage() {
    ObjectMessage objectMessage = context.createObjectMessage();
    objectMessage.setObject((Serializable) cs.createContextualProxy(<ObjectToSend>, 
            Runnable.class));            
    context.createProducer().send(queue, objectMessage);
}

Receiver:

ObjectMessage message = (ObjectMessage) msg;                
Runnable myObject = (Runnable) message.getObject();
myObject.run();

The runnable myObject is a Proxy. But the securityIdentity=null.

Did anyone had this issue before?

解决方案

The only way to do this is to incorporate the security identity of the user directly into the object that you are sending.

Security context information is not retained in the contextual proxy because WildFly (up to 15.0.1) is broken.

JMS requires ObjectMessage payloads to be Serializable. However the security identity object retained in the proxy (a org.wildfly.security.auth.server.SecurityIdentity object) is not Serializable, so it is declared transient in the org.jboss.as.ee.concurrent.IdentityAwareProxyInvocationHandler proxy implementation.

Consequently it does not survive the subsequent JMS message serialisation/deserialization process.

There is an old WildFly issue that has been closed, but I know that the security implementation has been completely replaced since then...

这篇关于Wildfly ContextService并发securityIdentity为null的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！