users@glassfish.java.net

Re: Using wsse:Usernametoken for role-based authorization

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Thu, 15 Feb 2007 11:46:50 -0800

Do you have the correct security-role-mapping in sun-application.xml
(for ear) or sun-web.xml (for standalone war) or sun-ejb-jar.xml (for
standalone jar)?
What errors do you get?
    Shing Wai Chan

jon_c wrote:
> Glassfish/Java EE newbie question.. Apologies in advance.
>
> I'm trying to figure out if there is a straightforward way to use message-layer
> credentials (i.e. wsse:UsernameToken from SOAP header) to perform
> authorization in my Web-Service (role-based permissions on my service Web
> Methods). In this case, the web service, which is deployed in the
> EJB-container, might look something like this:
>
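> import javax.annotation.security.RolesAllowed;
> import javax.jws.WebMethod;
> import javax.jws.WebService;
>
> @WebService
> public class Service {
>
>     // Only callers mapped to the "abc" role may invoke this method
>     @WebMethod
>     @RolesAllowed("abc")
>     public String helloWorld() {
>         return "Hello World";
>     }
> }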
>
>
> Authenticating against the users in a realm seems pretty straightforward
> with XWS, but I'm having difficulty getting the authorization part to work.
> Am I barking up the wrong tree? I can get it to work just fine using HTTP
> authentication, but would rather use the SOAP message so that I can have
> well integrated message-layer and application-layer security. Is it
> possible? practical?
>
> Thank you,
> Jon
>
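
The mapping the reply asks about, shown as an added example that is not part of the original thread: a sun-ejb-jar.xml for a standalone EJB jar that ties the role abc from the quoted @RolesAllowed to identities in the realm. The group name ws-users and the principal name jon are assumed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- META-INF/sun-ejb-jar.xml (standalone EJB jar) -->
<sun-ejb-jar>
  <security-role-mapping>
    <!-- Must match the string used in @RolesAllowed("abc") -->
    <role-name>abc</role-name>
    <!-- Assumed placeholder: an individual user in the authentication realm -->
    <principal-name>jon</principal-name>
    <!-- Assumed placeholder: a group defined in the authentication realm -->
    <group-name>ws-users</group-name>
  </security-role-mapping>
  <enterprise-beans/>
</sun-ejb-jar>
```

The same security-role-mapping element goes in sun-application.xml for an ear or sun-web.xml for a standalone war, as the reply lists.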