I've learned how to use basic authentication and authorization from the Wrox Axis book. However, one thing I find confusing is specifying which users are authorized to use a given service. It seems that this must be specified in two places.
1) in the perms.lst file with username servicename pairs
2) in the deployment WSDD using the allowedRoles parameter of service elements
Why isn't it sufficient to only specify this mapping in perms.lst?
Why is the value of allowedRoles supposed to be usernames instead of role names?
If it were role names, how would you associate users with roles?