我花了两天时间尝试解决服务器日志充斥着不需要的异常的问题,所以我认为这对其他人也可能有帮助。它们看起来像这样,并且发生在来自客户端应用程序的每个经过身份验证的请求(标准的经过身份验证的请求是在没有身份验证的情况下发送的,服务器应该以 401 和身份验证质询进行响应)。
13:14:25,312 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: Jakarta Enterprise Beans Invocation failed on component NexusAuthorizationRestService for method public java.util.List org.jboss.downloadmanager.rest.nexus.NexusAuthorizationRestService.getAllRoles(javax.servlet.http.HttpServletRequest) throws org.jboss.downloadmanager.rest.download.InvalidParametersException,org.jboss.downloadmanager.rest.download.UserUnauthorizedException,org.jboss.downloadmanager.rest.download.InvalidUserCredentialsException,org.jboss.downloadmanager.rest.nexus.MissingCredentialsException: javax.ejb.EJBException: org.jboss.downloadmanager.rest.nexus.MissingCredentialsException
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:268)
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:390)
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:160)
at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
.......... and another 148 line of stack trace
简化休息服务。该方法返回一些数据(角色列表),但如果您未在请求中使用“Authorization”标头进行身份验证,
@Stateless
public class MyRestService {
@GET
@Path("/allRoles")
@Produces("application/json")
public List<String> getAllRoles(@Context HttpServletRequest httpServletRequest) throws InvalidUserCredentialsException, MissingCredentialsException {
if(httpServletRequest.getHeader("Authorization") == null)
throw new MissingCredentialsException();
............
}
应用异常定义。
public class MissingCredentialsException extends RuntimeException {
private static final long serialVersionUID = 3388868131554531339L;
}
最后是异常映射器,它处理请求,以便客户端收到带有身份验证质询的良好响应:
@Provider
public class MissingCredentialsExceptionMapper implements ExceptionMapper<MissingCredentialsException> {
@Override
public Response toResponse(MissingCredentialsException exception) {
return Response.serverError().header("WWW-Authenticate", "Basic realm=\"nexus\"").status(Response.Status.UNAUTHORIZED).type(MediaType.TEXT_PLAIN).entity("Basic authentication is required!").build();
}
}
问题出在异常类型上。根据官方文档,应用程序逻辑按照您的预期工作。但该文档没有提及 RuntimeException 被视为一般故障并报告到日志的事实。
但是,如果您使用 java.lang.Exception 代替,RestEasy 会认为这可能是一个想要的应用程序错误,并保持您的 server.log 干净整洁。
public class MissingCredentialsException extends Exception {
private static final long serialVersionUID = 3388868131554531339L;
}