users@glassfish.java.net

Re: Glassfish 3.1.1, security, realms, principal->role mapping

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Sat, 13 Aug 2011 17:06:55 +0530

There does not seem to be anything wrong in what you are trying and ideally it should have worked.

But can you do the following:

1. Undeploy the WebService (make sure it is cleanly undeployed, there should be no entry for the app under generated/policy)
2. Enable Default P2R in GlassFish and Stop GlassFish.
3. Restart GlassFish
4. Deploy the WebService

and then try again. If it still does not work, show us the granted.policy file that is generated upon deployment of the app. You will find it under domains/domain1/generated/policy/....


On 12-Aug-2011, at 11:02 PM, forums_at_java.net wrote:

> I'm trying to secure a simple webservice/ejb but I think I'm not
> understanding how things work very well. I have a JDBC realm working and it is
> being used in a webapp. Now I'm trying to secure the ejb/webservice. My realm
> has the following groups: "Administrator", "User".
>
> From what I understood after reading a lot of posts, if I check "Default
> Principal To Role Mapping" and use the realm groups in
> @RolesAllowed/@DeclareRoles, authentication should work. I won't need the
> sun-whatever.xml files. Is that correct? I have the following webservice,
> sayHello works but it always returns Hello User, even if I call the service
> with an administrator (testing with soapUI). saySecureHello always gives me
> an exception "java.lang.Exception: Client not authorized for invocation". Can
> you guys tell me what I'm missing?
>
> HelloService.java ...
>
> @Singleton
> @LocalBean
> @WebService
> @DeclareRoles("Administrator")
> public class HelloService implements Hello {
>     @Resource
>     WebServiceContext ctx;
>
>     @PermitAll
>     public String sayHello() {
>         if (ctx.isUserInRole("Administrator")) {
>             return "Hello Admin!!!";
>         } else {
>             return "Hello User!!!";
>         }
>     }
>
>     @RolesAllowed("Administrator")
>     public String saySecureHello() {
>         return "Hello " + ctx.getUserPrincipal().getName() + "!!!!";
>     }
> }
>
> --
>
> [Message sent by forum member 'fawzib']
>
> View Post: http://forums.java.net/node/832305
>
>
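
The four redeploy steps from the reply above, as an added example script that is not part of the original thread or of GlassFish itself. The application name, archive path, the `ASADMIN` override variable and the assumption that the entry under generated/policy is named after the application are all illustrative assumptions.

```shell
#!/bin/sh
# Added example: clean redeploy with Default Principal To Role Mapping enabled.
# ASADMIN is a hypothetical override so the sequence can be dry-run (ASADMIN=echo).
ASADMIN="${ASADMIN:-asadmin}"
P2R_ATTR="server-config.security-service.activate-default-principal-to-role-mapping"

# Succeeds if a generated policy entry for the app is still on disk.
# Assumption: the entry is named after the application.
policy_entry_exists() {
  [ -e "$1/generated/policy/$2" ]
}

# usage: redeploy_with_default_p2r <domain-dir> <app-name> <archive>
# returns 1 if an asadmin step fails, 2 if the undeploy left a policy entry
redeploy_with_default_p2r() {
  domain_dir="$1"; app="$2"; archive="$3"
  domain="$(basename "$domain_dir")"

  # 1. Undeploy, then confirm nothing is left under generated/policy
  $ASADMIN undeploy "$app" || return 1
  if policy_entry_exists "$domain_dir" "$app"; then
    echo "stale policy entry: $domain_dir/generated/policy/$app" >&2
    return 2
  fi

  # 2. Enable default principal-to-role mapping, then stop the domain
  $ASADMIN set "$P2R_ATTR=true" || return 1
  $ASADMIN stop-domain "$domain" || return 1

  # 3. Restart the domain so the setting is in effect before deployment
  $ASADMIN start-domain "$domain" || return 1

  # 4. Deploy; granted.policy is generated at this point
  $ASADMIN deploy --name "$app" "$archive" || return 1

  # List the generated granted.policy files for inspection
  find "$domain_dir/generated/policy/$app" -name granted.policy -print 2>/dev/null || true
  return 0
}
```

A return code of 2 means the undeploy was not clean and the old policy entry should be dealt with before continuing.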