1. You will have to specify your EJB security in your ejb-jar.xml
See
http://docs.sun.com/app/docs/doc/819-3669/bnbyk?a=view
Manfred
-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Monday, August 18, 2008 7:49 AM
To: users_at_glassfish.dev.java.net
Subject: Glassfish FileRealm
Hi,
I am having trouble getting access control working on EJB method calls. I was hoping someone could spot what I missed.
I have a user setup in glassfish, using file realm, with 2 groups. One is "User" and the other is "Create Something". "User" group is mapped to "USER" security-role in sun-web.xml which is used in web.xml as auth-contraint to the security configuration. This allows to force login etc.
The EJB method is annotated with @RolesAllowed("Create Something"). The user is not able to execute the method.
I have not enabled Security Manager.
I have not specified or enabled default principal to role mapping.
1. Am I correct in saying the mapping in sun-web.xml is not required for "Create Something"?
2. What have I done wrong or missed?
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=293919
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net