users@glassfish.java.net

Re: JAX-RPC servlet endpoint with HTTP basic auth & SSL

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Tue, 13 May 2008 18:12:50 -0400

There is just a granted.policy and it looks like:


/* AUTOMATICALLY GENERATED ON Tue May 13 18:10:11 EDT 2008*/
/* DO NOT EDIT */

grant {
  permission javax.security.jacc.WebResourcePermission "/*", "!DELETE,HEAD,OPTIONS,POST,PUT,TRACE";
  permission javax.security.jacc.WebUserDataPermission "/*", "DELETE,HEAD,OPTIONS,POST,PUT,TRACE:CONFIDENTIAL";
  permission javax.security.jacc.WebUserDataPermission "/*", "!DELETE,HEAD,OPTIONS,POST,PUT,TRACE";
};


The web.xml looks like:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <context-param>
        <param-name>ImagesFolder</param-name>
        <param-value>D:\dev\myservice\resources\headers\</param-value>
    </context-param>
   
    <resource-ref>
        <res-ref-name>jdbc/Central_DS</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
        <res-sharing-scope>Shareable</res-sharing-scope>
    </resource-ref>
   
    <servlet>
        <servlet-name>WSServlet_MyService</servlet-name>
        <servlet-class>com.ijws.myservice.rpc.MyServiceImpl</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>WSServlet_MyService</servlet-name>
        <url-pattern>/My</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            5
        </session-timeout>
    </session-config>
   
    <security-constraint>
        <display-name>SSL Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>WSServlet_MyService</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
            <http-method>POST</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>IJWAPPS</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description/>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>centralData</realm-name>
    </login-config>
    <security-role>
        <role-name>IJWAPPS</role-name>
    </security-role>
</web-app>



glassfish_at_javadesktop.org wrote:
> when you deploy your application, we translate the security constraints in web.xml to application specific policy files located under domains/domainx/generated/policy/appname.
>
>
>> Do these policy files get modified as you create realms and users in the
>> realms?
>>
>
> the policy files are not modified when you add users to realms. they depend on the principal to role mapping in effect at the time of deployment. if your p2r mapping is based on groups, you can add new users to groups without needing to regenerate policy. If your p2r mapping is based on user principals, you will have to regenerate the policy if you change the user principal to role mapping.
>
> jaxrpc has some differences from jaxws (and is a bit outdated), so you may have encountered a bug. but we should take a look at the policy files, as they will tell us
> what the servlet container is enforcing for its policy.
>
> Ron
>
> fwiw, our policy system is a pluggable component according to the contract defined by jsr 115. Glassfish ships with a policy provider that is an extension of the default j2se policy provider.
> [Message sent by forum member 'monzillo' (monzillo)]
>
> http://forums.java.net/jive/thread.jspa?messageID=274149
>
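
Added example, not part of the original message and not GlassFish's own code: the web.xml-to-policy translation described in the quoted reply, applied to the security-constraint from the web.xml above to reproduce the three unchecked permissions in granted.policy and to list the methods the auth-constraint leaves out. It assumes a single security-constraint with one url-pattern and an auth-constraint; the function names are hypothetical and the input is constructed from the message.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/j2ee"}
# The seven methods the Servlet 2.4 schema allows in <http-method>.
HTTP_METHODS = {"DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE"}

# Constructed input: the security-constraint from the web.xml in this message.
WEB_XML = """<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>WSServlet_MyService</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>PUT</http-method><http-method>HEAD</http-method>
      <http-method>POST</http-method><http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method><http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>IJWAPPS</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def parse_constraint(web_xml):
    """Return (url pattern, sorted constrained methods, transport guarantee)."""
    sc = ET.fromstring(web_xml).find("j:security-constraint", NS)
    wrc = sc.find("j:web-resource-collection", NS)
    methods = sorted(m.text.strip() for m in wrc.findall("j:http-method", NS))
    transport = sc.findtext("j:user-data-constraint/j:transport-guarantee",
                            default="NONE", namespaces=NS).strip()
    return wrc.findtext("j:url-pattern", namespaces=NS).strip(), methods, transport

def unchecked_permissions(web_xml):
    """Unchecked JACC permissions for a constraint that has an auth-constraint."""
    pattern, methods, transport = parse_constraint(web_xml)
    listed = ",".join(methods)
    suffix = "" if transport == "NONE" else ":" + transport
    perms = [("WebUserDataPermission", pattern, listed + suffix)]
    if methods:  # an empty list constrains every method, leaving no complement
        rest = "!" + listed  # JACC exception list: every method except these
        perms.insert(0, ("WebResourcePermission", pattern, rest))
        perms.append(("WebUserDataPermission", pattern, rest))
    return perms

def methods_without_auth(web_xml):
    """Standard HTTP methods that the auth-constraint does not cover."""
    _, methods, _ = parse_constraint(web_xml)
    return sorted(HTTP_METHODS - set(methods)) if methods else []

if __name__ == "__main__":
    for cls, name, actions in unchecked_permissions(WEB_XML):
        print(f'permission javax.security.jacc.{cls} "{name}", "{actions}";')
    print("no auth-constraint applies to:", methods_without_auth(WEB_XML))
```

The "!" action list also matches any extension method not named in it, so the report of standard methods is a lower bound on what the constraint leaves unchecked.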