ok - I have more information to add. I can force the client to preemptively send the basic authorization and that will ultimately cause the server to authenticate the user.
But when I dug deeper I realized that the problem is the server is not recognizing the fact that the resource being accessed should be protected. I want to allow all users to access this resource, assuming they have been authenticated. I have the following in my web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>ARM</web-resource-name>
<url-pattern>/ARM/*</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>jdbc</realm-name>
</login-config>
Then I have tried the following lines in my sun-web.xml:
<security-role-mapping>
<role-name>*</role-name>
<group-name>*</group-name>
</security-role-mapping>
I have also tried to turn on default principal-role mapping. This all worked fine with SunOne Application Server 8.2. I didn't have to specify the security-role-mapping and my realm worked to authenticate people.
I do not care what role/group people are in but I am having a hard time getting glassfish to accept that.
Help!!
[Message sent by forum member 'bcoulson220' ]
http://forums.java.net/jive/thread.jspa?messageID=373364