Hi there,
I have problem with JAX-RS security.
Environment: GlassFish v3 (build 74.2)
@Path("generic")
@RolesAllowed("user")
@Stateless
public class GenericResource {
....
}
And now:
http://localhost:8080/WebApplication1/resources/generic
produces:
HTTP Status 500
javax.servlet.ServletException: javax.ejb.AccessLocalException: Client
not authorized for this invocation.
When I remove @Stateless annotation, then everything works, but
browser does not ask for user/password, so there is no security.
However, I have also one servlet in this application like this:
@WebServlet(name="NewServlet", urlPatterns={"/NewServlet"})
@ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
public class NewServlet extends HttpServlet {
...
}
And this servlet works fine. Web browser asks for username/password
and when provided I can see the page, so Glassfish and project/web-app
are both configured correctly.
Any ideas what's wrong?
Thanks,
Witold Szczerba