users@glassfish.java.net

Re: Securing an STS in Glassfish

From: Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Thu, 13 May 2010 12:55:31 +0530

glassfish_at_javadesktop.org wrote:
> Using NetBeans, I have created an STS Service, and I'm able to deploy this STS to Glassfish v2.
>
> It is using the Username Authentication with Symmetric Key Security Mechanism.
>
> By default, the service uses the standard Glassfish "file" realm for it's Username/Password database.
>
> I created a different file realm, named "testrealm".
>
> I bundled the STS WAR in to an EAR, and added a sun-application.xml file to the EAR. Within the sun-application.xml, I added a <realm>testrealm</realm> element. But the STS still uses the original file realm.
>
>
It should not be the case. What is the version of GlassFish you are
using. I assume you are installing Metro 2.0 over it ?. Can you try V2.1.1
> i changed the GF default realm to testrealm, and restarted it, and the STS started to use that instead.
>
> But I'd rather be able to specify which realm I was to use with the application rather than change the default realm for the entire server.
>
> Normally for web apps, you use a <security-constraint> clause in the web.xml, but the STS service completely lack a security-constraint clause, and it's not clear that this is the appropriate mechanism for this case, since it's a web service.
>
>
 you cannot have a login-config in web.xml since your intent is to use
SOAPMessage security. So what you did is correct.
> Any insight on how to work with this would be appreciated.
> [Message sent by forum member 'whartung']
>
> http://forums.java.net/jive/thread.jspa?messageID=469574
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
>