users@glassfish.java.net

Web Services and default realms

From: <glassfish_at_javadesktop.org>
Date: Thu, 16 Oct 2008 11:15:13 PDT

I've been trying to get my web service examples to work with a non-default realm and I consistently get "Authentication refused". Does anyone know if this actually works.

Steps
1. In GlassFish admin, create a new security realm called "TestRealm". Create it as a file based realm.
2. Add a user TestUser, and put that user in the group EverybodyRole
3. In Netbeans create a new Enterprise Application Project (only create the EJB portion of the project, leave the rest unchecked).
4. In the -ejb project, create a new Web Service such that
        @DeclareRoles({"EverybodyRole", "Role1"})
        @WebService(targetNamespace="urn:com:xxx:securewebservices:ejb", name="EchoService", portName="EchoServicePort", serviceName="EchoService")
        @Stateless(name="EchoService")
        public class EchoService {

            /**
             * Web service operation
             * @param arg0
             * @return
             */
            @RolesAllowed({"EverybodyRole", "Role1"})
            @TransactionAttribute(TransactionAttributeType.NEVER)
            @WebMethod(operationName = "echo", action="urn:com:xxx:securewebservices:ejb:echo")
            public String echo(@WebParam(name = "arg0") String arg0) {
                return new java.util.Date() + " : " + arg0;
            }
        }
5. Under the design view, secure the Web Service by clicking on secure and setting the configuration to "Username Authentication with Symmetric Key", keep development defaults
6. Create the sun-application.xml in the EAR such that
        <?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
        <sun-application>
            <security-role-mapping>
                <role-name>EverybodyRole</role-name>
                <group-name>EverybodyRole</group-name>
            </security-role-mapping>
            <security-role-mapping>
                <role-name>Role1</role-name>
                <group-name>Role1</group-name>
            </security-role-mapping>
            <realm>SecureWebServices_PPLLCRealm</realm>
        </sun-application>
7. Build and deploy the project
8. Create a client application to call the service
9. You should now see that when the "TestRealm" is the default realm everything works just fine, but when you reconfigure glassfish to use the file realm (or some other one) the authentication fails.

Has anyone else had this problem?

Thanks,
    drampulla
[Message sent by forum member 'drampulla' (drampulla)]

http://forums.java.net/jive/thread.jspa?messageID=308299
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.