users@jersey.java.net

Re: [Jersey] @Stateless + @RolesAllowed = ServletException/AccessLocalException

From: Moises Lejter <moilejter_at_gmail.com>
Date: Fri, 28 May 2010 09:36:04 -0500

If you are not relying on an EJB container, then I believe there is a
filter that you have to add to your config to enable equiv security
validation ... Once that is done, your existing annotations will do
the trick (I think :-) )

Moises

On May 28, 2010, at 7:00 AM, Witold Szczerba <pljosh.mail_at_gmail.com>
wrote:

> Hi there,
> I have a problem with JAX-RS security.
> Environment: GlassFish v3 (build 74.2)
>
> @Path("generic")
> @RolesAllowed("user")
> @Stateless
> public class GenericResource {
> ....
> }
>
> And now:
> http://localhost:8080/WebApplication1/resources/generic
> produces:
> HTTP Status 500
> javax.servlet.ServletException: javax.ejb.AccessLocalException: Client
> not authorized for this invocation.
>
> When I remove the @Stateless annotation, everything works, but the
> browser does not ask for user/password, so there is no security.
> However, I also have one servlet in this application like this:
>
> @WebServlet(name="NewServlet", urlPatterns={"/NewServlet"})
> @ServletSecurity(@HttpConstraint(rolesAllowed = "user"))
> public class NewServlet extends HttpServlet {
> ...
> }
>
> And this servlet works fine. The web browser asks for username/password
> and, when provided, I can see the page, so GlassFish and project/web-app
> are both configured correctly.
>
> Any ideas what's wrong?
>
> Thanks,
> Witold Szczerba
>
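
An added example, not part of either message and not confirmed by the thread as the fix for the reported error: a web.xml sketch of the two pieces discussed above, the Jersey 1.x resource filter that makes @RolesAllowed effective on non-EJB resources, and a servlet-level constraint so the container actually authenticates callers before the role check runs. It assumes Jersey is registered in web.xml; the servlet name, the /resources/* mapping (taken from the URL in the question) and the GlassFish "file" realm are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Jersey 1.x servlet. The ResourceFilters init-param registers the
       filter factory that enforces @RolesAllowed/@PermitAll/@DenyAll on
       plain (non-EJB) resource classes. Servlet name is an assumption. -->
  <servlet>
    <servlet-name>Jersey</servlet-name>
    <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
    <init-param>
      <param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
      <param-value>com.sun.jersey.api.container.filter.RolesAllowedResourceFilterFactory</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>Jersey</servlet-name>
    <url-pattern>/resources/*</url-pattern> <!-- assumed from the question's URL -->
  </servlet-mapping>

  <!-- @RolesAllowed only authorizes; it never triggers a login challenge.
       This constraint makes the container authenticate every request to
       the REST path. No <http-method> is listed on purpose, so the
       constraint covers all HTTP methods, not just GET/POST. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>REST resources</web-resource-name>
      <url-pattern>/resources/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name> <!-- role used in the question -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name> <!-- assumption: GlassFish file realm -->
  </login-config>

  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>
```

With BASIC authentication the credentials travel base64-encoded on every request, so a deployment would normally also add a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to force TLS.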