when you deploy your application, we translate the security contraints in web.xml to application specific policy files located under domains/domainx/generated/policy/appname.
> Do these policy files get modified as you create realms and users in the
> realms?
the policy files are not modified when you add users to realms. they depend on the principal to role mapping in effect at the time of deployment. if your p2r mapping ids based on groups, you can add new users to groups without needing to regenerate policy. If your p2r mapping is based on user principals, you will have to regenerate the policy if you change the user principal to role mapping.
jaxrpc has some differences from jaxws (and is a bit outdated), so you may have encountered a bug. but we whould take a look at the policy files, as they will tell us
what the servlet container is enforcing for its policy.
Ron
fwiw, our the policy system is a pluggable component according to the contract defined by jsr 115. Glassfish ships with a policy provider that is an extension of the default j2se policy provider.
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=274149