> Hello
> I do not fully understand your reply. You say "both
> would share the same p2r mapping, and realm", what is
> p2r ?
>
Principal to Role Mapping
> The idea of separating this web application into two
> did occur to me but I am not very enthusiastic, I
> think it would increase the scope for mistakes in
> future. Plus I would need to manually build a jar
> file containing all the code shared by both web
> applications, or move the Java out of the existing
> NetBeans project into a 3rd project which creates a
> jar used by both web applications.
>
> Is there any chance that the WS-Security API might
> enable a web app to provide a web service using a
> separate authentication method ? I do not want to get
> involved with WS-Security but if it causes less scope
> for error than separate web applications it might be
> worth it.
Yes it might be possible to have a Servlet and WebService in the same War with only the servlet having <auth-constraint> specified for it.
Then for the WebService you can configure WS-Security Via NB and the whole thing might work. I have not tried ( i can try it when i have some time).
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=336289