users@glassfish.java.net

Re: Authenticating WebServices

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Mon, 24 Mar 2008 16:00:47 +0530

Markus KARG wrote:

> I am running this WebService on Glassfish V2 (no additional
> configuration done, just dropped it to the autodeploy directory):
>
> @Stateless
> @WebService
> public class StatisticsServer {
>     public double average(double x, double y) {
>         return (x + y) / 2.0;
>     }
> }
>
> I am testing it with this client (running on Java 6, i. e., no
> additional configuration but just used wsimport to create classes from
> WSDL):
>
> public class StatisticsClient {
>     public final static void main(final String... arguments) {
>         StatisticsServer statisticsServer =
>             new StatisticsServerService().getStatisticsServerPort();
>         double average = statisticsServer.average(1, 2);
>     }
> }
>
> It works pretty well.
>
> Now I want to add roles based security. So I am adding
> @RolesAllowed("PlainUser") to the method "average" and redeploy the
> server. After building the client once more, it tells me "Client not
> authorized for invocation of public final double
> statistics.server.StatisticsServer.average(double,double)".
>
> So my questions are:
>
> (1) How to tell the client that it shall authenticate me against the
> service?
> (2) I added a user to the "file" realm in Glassfish and set "Groups"
> to "PlainUser". Anything else I need to do to make it work?
>
Please see the following :
http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/

"For EJB web service endpoints with @RolesAllowed, you need to specify
the type of authentication to use by specifying the <login-config> and
<auth-method> elements in sun-ejb-jar.xml. For username-password
authentication, set the <auth-method> element to BASIC, as shown in
the following example. This step is required only for EJB web service
endpoints, and is not required for EJBs."

Let me know if that helped.

> It seems when it comes to security, all that nice and easy annotations
> things are over and there is a lot of hand work needed, right? Or is
> there something I have overseen, like
> "@AuthenticateAutomaticallyUsingCurrentOperatingSystemUserAccount"?
>
You can write and configure your own custom realm which can do
AuthenticateAutomaticallyUsingCurrentOperatingSystemUserAccount

Thanks.

> Thanks a lot!
> Markus
>
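As an added illustration of the sun-ejb-jar.xml configuration the reply refers to (this is not code from the thread or from the linked article), here is a deployment descriptor for the StatisticsServer bean above. It assumes the EJB name and the port component name both default to the bean's simple class name, StatisticsServer, and that the file-realm group "PlainUser" from question (2) should be mapped onto the role named in @RolesAllowed("PlainUser"):

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC
  "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN"
  "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<!-- META-INF/sun-ejb-jar.xml, packaged inside the EJB jar -->
<sun-ejb-jar>
  <!-- Map the role used in @RolesAllowed("PlainUser") onto the
       "PlainUser" group that was assigned to the user in the file realm.
       Without this mapping (or default principal-to-role mapping enabled
       on the server) the role check fails even after a valid login. -->
  <security-role-mapping>
    <role-name>PlainUser</role-name>
    <group-name>PlainUser</group-name>
  </security-role-mapping>

  <enterprise-beans>
    <ejb>
      <!-- assumption: ejb-name defaults to the bean class's simple name -->
      <ejb-name>StatisticsServer</ejb-name>

      <webservice-endpoint>
        <!-- assumption: port-component-name likewise defaults to the
             bean class's simple name -->
        <port-component-name>StatisticsServer</port-component-name>

        <!-- This is the step the reply says is required only for EJB
             web service endpoints: tell the container to challenge
             callers with HTTP BASIC authentication against the file
             realm so that @RolesAllowed has an authenticated caller to
             check. -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm>file</realm>
        </login-config>
      </webservice-endpoint>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
```

On the client side, a JAX-WS port can supply the matching username and password through the standard javax.xml.ws.BindingProvider request context properties USERNAME_PROPERTY and PASSWORD_PROPERTY; with BASIC the credentials travel in clear text, so the endpoint should be served over HTTPS.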