tomee-users mailing list archives

From Arthur Portas <arthur.por...@itsector.pt>
Subject Re: restful web secruity for TOMEE
Date Mon, 12 Oct 2015 09:30:56 GMT
Hum... I've read somewhere that security annotations in TomEE currently only
work with JAAS basic auth.
I'm using TomEE 1.7.2 and JAAS Form auth and could not get it working with
security annotations.


2015-10-09 23:14 GMT+01:00 Romain Manni-Bucau <rmannibucau@gmail.com>:

> Hi
>
> Maybe share a project to reproduce on github, this sounds like something
> which works.
>
> Tip: a maven project with tomee maven plugin ready to run is the best way
> to get a fast answer ;)
>
> Romain
>
> 2015-10-09 21:35 GMT+02:00 mark.cavender <mark.cavender@sbcglobal.net>:
>
> > Thanks for the quick reply.  OK, I wrote a JAASLogin and am using a
> > JAASRealm.  The @RolesAllowed still isn't working in my REST service.
> > I'm wondering if I am confusing some things. My configuration is as
> > follows:
> >
> > 1)  I have declared the RESTful service as:  @Stateless
> > @DeclareRoles({"viewer","poster"}) and declared a method as
> > @RolesAllowed({"poster"})
> >
> > 2)  in the web.xml I restricted the URL of the restful call to users with
> > roles of viewer and poster, although I have also tried to do it as an
> > asterisk "*" as well.
> >
> > 3)  In the RESTful method, I can look at the request in the debugger and
> > see that I only have the viewer role, but it still lets me in the method
> > even though it is restricted to the poster role.  Do you see any flaws in
> > my logic?  Thanks in advance,
> >
> > Mark
> >
> >
> >
> > --
> > View this message in context:
> > http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676462.html
> > Sent from the TomEE Users mailing list archive at Nabble.com.
> >
>
