This is a repost with a different subject, maybe I do get with this new
subject responses here. :-)
I got a simple service with basic auth running in Axis, Hurray!
For that, following some documentation I created a .war with axis.jar
and all in it to have my own web app. Works fine. :-)
Now I do call in the service implementation
servletEndpointContext.isUserInRole("my_role")
and get all the time false returned.
Hmmm, could it be that in Axis/Tomcat the concept of these "logical"
roles isn't implemented and we have "only" users and groups?
My web.xml contains link to my_role:
<security-constraint>
<display-name>SecurityConstraint</display-name>
<web-resource-collection>
<web-resource-name>WRCollection</web-resource-name>
<url-pattern>/services</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>my_role</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>my_role</role-name>
</security-role>
When I deploy to Sun App server, I have in sun-web.xml
<security-role-mapping>
<role-name>my_role</role-name>
<group-name>my_group1</group-name>
</security-role-mapping>
to map the logical role (my_role) to a group (my_group1). The group is
physically existing in the Sun App server. Then,
isUserInRole("my_role") returns true. In the App Server's admin, I do
setup groups, not roles. In conf/tomcat-users.xml, probably the roles
mean groups. I tried to put there a <group> Element, seems to work. But
how (where?) to map the group to a role, as I can do in sun-web.xml?
Could you help me here, how to manage this logical role stuff in
Axis/Tomcat?
Thank you!
Merten
