Can somebody help me with interesting problem? I've got a simple Enterprise (ear) application wich consists of two modules: ejb and war. For example.
Simple bean MyBean:
packege beans;
@Local
public interface MyLocal {//Local interface of MyBean
public String localMethod();
}
packege beans;
@Remote
public interface MyRemote {//Remote interface of MyBean
public String remoteMethod();
}
packege beans;
@Stateless
@RolesAllowed("Admin") //only admins can access this bean
public class MyBean implements beans.MyRemote, beans.MyLocal {//Implementing of MyBean
public String localMehtod(){
return "You belongs to admin group and invoked local method of MyBean";
}
public String remoteMethod(){
return "You belongs to admin group and invoked remote method of MyBean";
}
}
Simple WebService MyWebService:
@WebService
@SOAPBinding(style = Style.RPC)
@RolesAllowed("User")
public class MyWebService {
@EJB private MyLocal myBean;
@WebMethod
public String invokeLocalMethod(){
return myBean.localMethod();
}
}
When user invokes this method of MyWebService he authenticates through BASIC authentication and passes login name and password. Security role mapping defined in application.xmp in ear. But ejb can't authenticates this invoke. I thought that if war and ear belongs to one app (ear) than it possible to do thuch things (war as part of single ear can accesses to protected ejbs). I tried to apply @RunAS("Admin") to web service, but it doesn't helped to resolve the problem.
And one more. It is possible to change Java Web Start login window (at least message, wich appeares there), when user tries to access to restricted resources, such as web service methods and ebj methods?
[Message sent by forum member 'alexbxz' (alexbxz)]
http://forums.java.net/jive/thread.jspa?messageID=239683