tomee-users mailing list archives

From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: restful web secruity for TOMEE
Date Fri, 09 Oct 2015 22:14:12 GMT
Hi

Maybe share a project to reproduce on github, this sounds like something
which works.

Tip: a maven project with tomee maven plugin ready to run is the best way
to get a fast answer ;)

Romain

2015-10-09 21:35 GMT+02:00 mark.cavender <mark.cavender@sbcglobal.net>:

> Thanks for the quick reply.  OK, I wrote a JAASLogin and am using a
> JAASRealm.  The @RolesAllowed still isn't working in my REST service.  I'm
> wondering if I am confusing some things. My configuration is as follows:
>
> 1)  I have declared the RESTful service as:  @Stateless
> @DeclareRoles({"viewer","poster"}) and declared a method as
> @RolesAllowed({"poster"})
>
> 2)  In the web.xml I restricted the URL of the restful call to users with
> roles of viewer and poster, although I have also tried to do it as an
> asterisk "*" as well.
>
> 3)  In the RESTful method, I can look at the request in the debugger and see
> that I only have the viewer role, but it still lets me in the method even
> though it is restricted to the poster role.  Do you see any flaws in my
> logic?  Thanks in advance,
>
> Mark

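A minimal resource matching the setup Mark describes, added here as an example; it is not code from either poster. The class name, the paths and the `whoami` diagnostic are hypothetical, and it assumes the `javax.*` Java EE APIs. The diagnostic reports the caller's roles as seen by the servlet layer and by the EJB layer, so the two can be compared for the same login.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;

// Hypothetical resource mirroring the setup described in the thread.
@Path("posts")
@Stateless
@DeclareRoles({"viewer", "poster"})
public class PostResource {

    @Resource
    private SessionContext ejb;          // EJB container's view of the caller

    @Context
    private HttpServletRequest request;  // servlet container's view of the caller

    // Open to any caller so both views can be compared for one login.
    @GET
    @Path("whoami")
    @PermitAll
    @Produces("text/plain")
    public String whoAmI() {
        return "servlet: user=" + request.getUserPrincipal()
             + " viewer=" + request.isUserInRole("viewer")
             + " poster=" + request.isUserInRole("poster") + "\n"
             + "ejb:     user=" + ejb.getCallerPrincipal()
             + " viewer=" + ejb.isCallerInRole("viewer")
             + " poster=" + ejb.isCallerInRole("poster") + "\n";
    }

    // The restricted operation: the EJB container is expected to reject
    // callers without the "poster" role before this body runs.
    @POST
    @RolesAllowed({"poster"})
    @Produces("text/plain")
    public String create() {
        return "created by " + ejb.getCallerPrincipal().getName() + "\n";
    }
}
```

If the two lines disagree for the same login, the servlet and EJB layers are not seeing the same identity, which is the first thing to establish in a reproducer project.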