I played with it a little bit. I had integrity and confidentiality required with client/server mutual authentication. Same problem. I removed it and the problem remained, so I eliminated it from the differential and concentrated on the as-context configuration.
It seems to me that having authentication required in the as-context works, but unfortunately it won't inject that into a JSF managed bean that's not in a secure context (as you would expect with a bean level security framework). When you make the authentication optional (required=false) it will do the injection for everything, but it won't propagate the username/password for those method that do require authentication.
In the end I just stripped out all the method into an UnsecureOperationBean and configured it that way...dodgy from a design perspective, but it works :)
--- On Mon, 16/3/09, glassfish_at_javadesktop.org <glassfish_at_javadesktop.org> wrote:
From: glassfish_at_javadesktop.org <glassfish_at_javadesktop.org>
Subject: Re: ior-security-config help please
To: users_at_glassfish.dev.java.net
Received: Monday, 16 March, 2009, 2:29 PM
Hi,
Did you try playing with the transport-config element of the ior-security-config?
Look here for some hints:
http://blogs.sun.com/swchan/entry/enterprise_java_bean_over_ssl
http://blogs.sun.com/swchan/entry/enterprise_java_bean_over_ssl (scroll to the entry regarding the ior-security-config element).
I hope this helps your case, as I'm very curious myself what might be wrong. If I'll have some time, I'll try to setup a similiar scenario myself and test it a bit.
Thanks
--
Szymon Dembek
[Message sent by forum member 'szymondembek' (szymondembek)]
http://forums.java.net/jive/thread.jspa?messageID=337097
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net