users@glassfish.java.net

Re: jdbc realm with web service security not working

From: <glassfish_at_javadesktop.org>
Date: Tue, 25 Mar 2008 04:58:13 PST

> Yes, I configured using netbeans message level
> security and I wanted this message level security to
> authentificate the user against a jdbc realm. I don't
> know if what I did was correct, so I am open to any
> suggestions on how to do that.

You have to decide whether your usecase needs SOAP Message Security or whether just Basic Auth is enough.

As you realized during your debugging you can authenticate against your JDBC realm even if you are just doing BASIC authentication.

>
> Also, are you sure declarative security does not work
> on Serlvlet WebService?

@RolesAllowed does not work on Servlet WebServices yet.

>I build an web-app and an EAR
> (btw, I moved the configuration from sun-ejb-jar.xml
> to sun-application.xml just as you suggested, and
> configured the realm and security-role-mapping there
> for both the web and ejb module), and it seems to
> work fine.
> The only problem I have now is that injection does
> not work (i tried @EJB - it throws an Exception and
> @Resource - it doesn't throw any exception but the
> WebServiceContext I wanted is always null, even if I
> try to do a lookup).

Can you send this in a New Thread so that it gets better attention (since the heading of this thread seems to indicate security issue).
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=265662