I am running this WebService on Glassfish V2 (no additional
configuration done, just dropped it to the autodeploy directory):
@Stateless
@WebService
public class StatisticsServer {
public double average(double x, double y) {
return (x + y) / 2.0;
}
}
I am testing it with this client (running on Java 6, i. e., no
additional configuration but just used wsimport to create classes from
WSDL):
public class StatisticsClient {
public final static void main(final String... arguments) {
StatisticsServer statisticsServer = new
StatisticsServerService().getStatisticsServerPort();
double average = statisticsServer.average(1, 2);
}
}
It works pretty well.
Now I want to add roles based security. So I am adding
@RolesAllowed("PlainUser") to the method "average" and redeploy the
server. After building the client once more, it tells me "Client not
authorized for invocation of public final double
statistics.server.StatisticsServer.average(double,double)".
So my questions are:
(1) How to tell the client that it shall authenticate me against the
service?
(2) I added a user to the "file" realm in Glassfish and set "Groups" to
"PlainUser". Anything else I need to do to make it work?
It seems when it comes to security, all that nice and easy annotations
things are over and there is a lot of hand work needed, right? Or is
there something I have overseen, like
"@AuthenticateAutomaticallyUsingCurrentOperatingSystemUserAccount"?
Thanks a lot!
Markus
--
http://www.xing.com/go/invita/58469