>>> I definitely have a security role called
>>>
>> "centralData" that contains
>>
>>> at least one user in a group called IJWAPPS.
>>>
>> Sorry it's late and I used the wrong word. I meant
>> to say security
>> realm instead of security role
> do you have a principal-2-role mapping that maps the group IJWAPPS to the corresponding role?
>
> Also I seem to remember that principal-2--role mappings defined at the (web) module being ignored when their is an application level p2r mapping defined (or maybe I have that backwards). In any event being that if you do have the group mapped to the role, then perhaps the mapping is being ignored based on what I wrote above.
>
> Ron
>
Thanks Ron and everyone else from Sun who helped on the mailing list and
in emails. There were several things I needed to do:
1) Upgrade from SJSAS 9.1 FCS to v9.1 Update Release 2. This fixed some
weird obscure things like single slash after http:, no hostname, etc.
2) Edit sun-web.xml and add this principal to role mapping. What's
kinda funny is I've been through this issue before with JAX-WS, added a
few lines to sun-web.xml then forgot about it until now. The lines I
added were:
<security-role-mapping>
<role-name>IJWAPPS</role-name>
<group-name>IJWAPPS</group-name>
</security-role-mapping>
3) After deploying the app to GlassFish/SJSAS, I needed to manually edit
the generated WSDL so that it would say https instead of http, and to
use a different port number. The generated WSDL files was found at
domains\domain1\generated\xml\j2ee-modules\MyService\WEB-INF\wsdl and
the line I edited was at the very bottom. It was called soap:address
4) I think the app server put the computer's hostname in the
soap:address of WSDL, and I needed a different name to show up. In the
web admin console I entered the name I needed to show up in the "Server
Name" field of the HTTP Listeners. I had to restart the app server
after this.
Is there a better way to tell it to use https and different port than
editing the generated WSDL file after deployment?
Thanks,
Ryan