users@glassfish.java.net

Securing an STS in Glassfish

From: <glassfish_at_javadesktop.org>
Date: Wed, 12 May 2010 10:52:47 PDT

Using NetBeans, I have created an STS Service, and I'm able to deploy this STS to Glassfish v2.

It is using the Username Authentication with Symmetric Key Security Mechanism.

By default, the service uses the standard Glassfish "file" realm for its Username/Password database.

I created a different file realm, named "testrealm".

I bundled the STS WAR into an EAR, and added a sun-application.xml file to the EAR. Within the sun-application.xml, I added a <realm>testrealm</realm> element. But the STS still uses the original file realm.

I changed the GF default realm to testrealm, and restarted it, and the STS started to use that instead.

But I'd rather be able to specify which realm I was to use with the application rather than change the default realm for the entire server.

Normally for web apps, you use a <security-constraint> clause in the web.xml, but the STS service completely lacks a security-constraint clause, and it's not clear that this is the appropriate mechanism for this case, since it's a web service.

Any insight on how to work with this would be appreciated.
[Message sent by forum member 'whartung']

http://forums.java.net/jive/thread.jspa?messageID=469574