users@glassfish.java.net

Using wsse:Usernametoken for role-based authorization

From: jon_c <jon.card_at_gmail.com>
Date: Wed, 14 Feb 2007 19:56:55 -0800 (PST)

Glassfish/Java EE newbie question.. Apologies in advance.

I'm trying to figure out if there is a straightforward way to use message-layer
credentials (i.e. wsse:UsernameToken from SOAP header) to perform
authorization in my Web-Service (role-based permissions on my service Web
Methods). In this case, the web service, which is deployed in the
EJB-container, might look something like this:

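import javax.annotation.security.RolesAllowed;
import javax.jws.WebMethod;
import javax.jws.WebService;

@WebService
public class Service {

  // Only callers mapped to role "abc" may invoke this method
  @WebMethod
  @RolesAllowed("abc")
  public String helloWorld() {
    return "Hello World";
  }
}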


Authenticating against the users in a realm seems pretty straightforward
with XWS, but I'm having difficulty getting the authorization part to work.
Am I barking up the wrong tree? I can get it to work just fine using HTTP
authentication, but would rather use the SOAP message so that I can have
well integrated message-layer and application-layer security. Is it
possible? practical?

Thank you,
Jon