On Tue, Jul 15, 2008 at 11:40 AM, V B Kumar Jayanti
<Vbkumar.Jayanti_at_sun.com> wrote:
>
> Not sure if you have hit some bug. Can you provide a testcase so i can
> reproduce this.
>
Sure thing.
I'll strip it down a bit, might take a day or two to get to it.
In the meantime I can copy-paste the relevant parts of my domain.xml
and web.xml.
Other than the group name assigned to the certificate realm, it's an
out of the box "development" installation of 9.1_02 (build b04-fcs) on
a debian etch x86, sun java 1.5.0_14. The servlet is the Jersey
servlet container from version 0.7, but that shouldn't matter I guess.
XXXX domain.xml XXXX
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"
name="certificate">
<property name="assign-groups" value="authorized"/>
</auth-realm>
XXXX
XXXX web.xml XXXX
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
<security-role>
<description />
<role-name>authorized</role-name>
</security-role>
<security-constraint>
<display-name>CCF-REST</display-name>
<web-resource-collection>
<web-resource-name>CCF_REST</web-resource-name>
<description></description>
<url-pattern>/</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>authorized</role-name>
</auth-constraint>
<user-data-constraint>
<description/>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
XXXX