tomee-users mailing list archives

From Romain Manni-Bucau <>
Subject Re: restful web security for TOMEE
Date Fri, 09 Oct 2015 22:14:12 GMT

Maybe share a project to reproduce on github, this sounds like something
which works.

Tip: a maven project with tomee maven plugin ready to run is the best way
to get a fast answer ;)


2015-10-09 21:35 GMT+02:00 mark.cavender <>:

> Thanks for the quick reply.  OK, I wrote a JAASLogin and am using a
> JAASRealm.  The @RolesAllowed still isn't working in my REST service.  I'm
> wondering if I am confusing some things. My configuration is as follows:
> 1)  I have declared the RESTful service as:  @Stateless
> @DeclareRoles({"viewer","poster"}) and declared a method as
> @RolesAllowed({"poster"})
> 2)  in the web.xml I restricted the URL of the restful call to users with
> roles of viewer and poster, although I have also tried to do it as an
> asterisk "*" as well.
> 3)  In the RESTful method, I can look at the request in the debugger and see
> that I only have the viewer role, but it still lets me in the method even
> though it is restricted to the poster role.  Do you see any flaws in my
> logic?  Thanks in advance,
> Mark
