, then adding JWT to the mix you can let
the token even carry all groups and handle auth in a
ContainerRequestFilter...
Have fun :-)
--
View this message in context:
http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676485.html
Sent from the TomEE Users mailing list archive at Nabble.com.
files beans.xml, open-ebj-jars.xml? Thanks in advance,
Mark
--
View this message in context:
http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676490.html
Sent from the TomEE Users mailing list archive at Nabble.com.
> is as follows:
>
> 1) I have declared the RESTful service as: @Stateless
> @DeclareRoles({"viewer","poster"}) and declared a method as
> @RolesAllowed({"poster"})
>
> 2) in the web.xml I restricted the URL of the restful call to users with
> roles of viewer and poster, although I have also tried to do it as an
> asterisk "*" as well.
>
> 3) In the RESTful method, I can look at the request in the debugger and see
> that I only have the viewer role, but it still lets me in the method even
> though it is restricted to the poster role. Do you see any flaws in my
> logic? Thanks in advance,
>
> Mark
>
> --
> View this message in context:
> http://tomee-openejb.979440.n4.nabble.com/restful-web-secruity-for-TOMEE-tp4676451p4676462.html
> Sent from the TomEE Users mailing list archive at Nabble.com.