tomee-users mailing list archives

From "mark.cavender" <mark.caven...@sbcglobal.net>
Subject Re: restful web secruity for TOMEE
Date Fri, 09 Oct 2015 19:35:17 GMT
Thanks for the quick reply.  OK, I wrote a JAASLogin and am using a
JAASRealm.  The @RolesAllowed still isn't working in my REST service.  I'm
wondering if I am confusing some things. My configuration is as follows:

1)  I have declared the RESTful service as:  @Stateless 
@DeclareRoles({"viewer","poster"}) and declared a method as
@RolesAllowed({"poster"})

2)  In the web.xml I restricted the URL of the restful call to users with
roles of viewer and poster, although I have also tried to do it as an
asterisk "*" as well.

3)  In the RESTful method, I can look at the request in the debugger and see
that I only have the viewer role, but it still lets me in the method even
though it is restricted to the poster role.  Do you see any flaws in my
logic?  Thanks in advance,

Mark



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676462.html
Sent from the TomEE Users mailing list archive at Nabble.com.

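Added example, not part of the original message and not TomEE project code: a resource declared the way the message describes (@Stateless, @DeclareRoles, one @RolesAllowed method), plus a diagnostic endpoint that reports the roles seen by the servlet request, the JAX-RS SecurityContext and the EJB SessionContext side by side. The class name, paths and method names are assumptions; the javax.* types are the standard Java EE APIs.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource; names and paths are illustrative only.
@Stateless
@Path("/messages")
@DeclareRoles({"viewer", "poster"})
public class MessageResource {

    @Resource
    private SessionContext ejbContext;   // the EJB container's view of the caller

    // Method-level restriction as described in the message.
    @POST
    @RolesAllowed({"poster"})
    public String post(String body) {
        return "posted by " + ejbContext.getCallerPrincipal().getName();
    }

    // Diagnostic: report what each layer believes about the caller.
    @GET @Path("/whoami")
    @Produces(MediaType.TEXT_PLAIN)
    @PermitAll
    public String whoAmI(@Context HttpServletRequest request,
                         @Context SecurityContext jaxrs) {
        StringBuilder out = new StringBuilder();
        out.append("servlet principal=").append(request.getUserPrincipal()).append('\n');
        out.append("ejb principal=").append(ejbContext.getCallerPrincipal()).append('\n');
        for (String role : new String[] {"viewer", "poster"}) {
            out.append(role)
               .append(" servlet=").append(request.isUserInRole(role))
               .append(" jaxrs=").append(jaxrs.isUserInRole(role))
               .append(" ejb=").append(ejbContext.isCallerInRole(role))
               .append('\n');
        }
        return out.toString();
    }
}
```

Requesting /messages/whoami as a user that holds only the viewer role shows, per role, whether the web tier and the EJB tier agree on the caller's identity and roles.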