Hello all,
I have a EJB 3.1 web service deployed in glassfish 3. I am trying to apply security to this service.
These are the steps I took so far:
- added @DeclareRoles and @RolesAllowed annotations to my web service
-------------------
@Stateless
@WebService(endpointInterface="TestService")
@Local(TestService.class)
@DeclareRoles({"test"})
@RolesAllowed("test")
public class TestServiceImpl implements TestService{
-------------------
- added the user "test" in Glassfish security under the file realm
- enabled SecurityManager and DefaultPrincipalToRoleMapping in glassfish
- added the following in sun-ejb-jar.xml
----------------------
<enterprise-beans>
<ejb>
<ejb-name>TestServiceImpl</ejb-name>
<webservice-endpoint>
<port-component-name>TestServiceImpl</port-component-name>
<login-config>
<auth-method>BASIC</auth-method>
<realm>default</realm>
</login-config>
</webservice-endpoint>
</ejb></enterprise-beans>
------------------
When accessing the web service methods, either through the webservice tester or through another application (I am using SoapUI), I receive a soap error message instead of an "expected" login form.
<faultcode>S:Server</faultcode>
<faultstring>java.lang.Exception: Client not authorized for invocation of public java.util.List test.TestServiceImpl.getAllBrands()</faultstring>
...
Can anybody help me understand why this happens, and what I can do about it?
Thanks in advance.
[Message sent by forum member 'stefancatalin' (catalin.stefan_at_yahoo.com)]
http://forums.java.net/jive/thread.jspa?messageID=384224