Hi Ron,
Thank you for helping. I don't know what these policy files are. In web
admin console I created a new security realm (disk file), then added
some users into it. Web.xml tells the app server which realm and groups
to use. This works fine in my JAX-WS web services, so I figured it
would work the same in JAX-RPC. I pretty much copy/pasted the security
related stuff from web.xml.
I looked in domains/domain1/config and only see a server.policy, not the
other two .policy files you mentioned. Where should I see them?
Do these policy files get modified as you create realms and users in the
realms?
Thanks,
Ryan
glassfish_at_javadesktop.org wrote:
> Not sure if I know what is going on. The forbidden error code is (supposed to be) returned by Glassfish when the transport check fails and the target url is protected by an auth-constraint naming no roles. In that case, redirection to a confidential transport will not help, and forbidden is returned to preclude the redirection.
>
> maybe there is more to your web.xml, and to your policy file. Can you attach the contents of your apps policy files. both granted.policy and excluded.policy. If there were any auth-constraints nameing no roles, they will have been translated into "negative" grants in excluded.policy.
>
> Ron
> [Message sent by forum member 'monzillo' (monzillo)]
>
> http://forums.java.net/jive/thread.jspa?messageID=274078
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>