Hi,
I am having trouble getting access control working on EJB method calls. I was hoping someone could spot what I missed.
I have a user set up in GlassFish, using the file realm, with 2 groups. One is "User" and the other is "Create Something". The "User" group is mapped to the "USER" security-role in sun-web.xml, which is used in web.xml as the auth-constraint to the security configuration. This allows forcing login etc.
The EJB method is annotated with @RolesAllowed("Create Something"). The user is not able to execute the method.
I have not enabled Security Manager.
I have not specified or enabled default principal to role mapping.
1. Am I correct in saying the mapping in sun-web.xml is not required for "Create Something"?
2. What have I done wrong or missed?
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=293919