adding in system.properties openejb.jaxrs.providers.auto=true
will make it work that said a correct packaging (IMO) would be a META-INF/application.properties with the line: openejb.jaxrs.providers=example.EJBAccessExceptionMapper *Romain Manni-Bucau* *Twitter: @rmannibucau <https://twitter.com/rmannibucau>* *Blog: **http://rmannibucau.wordpress.com/*<http://rmannibucau.wordpress.com/> *LinkedIn: **http://fr.linkedin.com/in/rmannibucau* *Github: https://github.com/rmannibucau* 2013/5/13 Chris.Christo <[email protected]> > Hi, > > I'm trying to setup security access to my rest class. > > You can see below what I have setup. But basically I have a rest class > with two methods, one annotated with @RolesAllowed and one not. I have a > groups.properties file, a users.properties file, a login.config file and a > system.properties file all within the conf/ folder within the server > (OpenEJB standalone 4.6.0-SNAPSHOT) directory. > > I'm using the PropertiesLogin option with JAAS. > > I think I have everything setup correctly, but it doesn't seem to work. > When I curl at localhost:4204/ROOT/example/insecure it works fine, but when > I curl to localhost:4204/ROOT/example/secure (with the correct login > credentials) I keep getting an unauthorised error. > > The other thing is that I have this exception mapper called > 'EJBAccessExceptionMapper' which basically diverts an EJBAccessException to > respond "Unauthorized!". I have added it to system.properties as > > openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper > > but it doesn't get picked up for some reason?? The server throws an > exception rather than the simple message "Unauthorized!". > > I have attached an example maven project with the below files to > illustrate the problem. There is also a deploy.sh file which kinda > replicates what the maven-tomee-plugin does (but as a script and for the > standalone server and not TomEE). It basically creates a copy of the > OpenEJB standalone server within the target directory, copies the ROOT.jar > (that is created from a mvn package) into apps and also copies over the > src/main/openejb/conf files, and then finally it starts the server. > > > > So basically unzip and run 'mvn package' and then run 'sh deploy.sh'. (You > must have done a mvn install on the tomee/assembly/openejb-standalone! > prior to this!) > > > > *example/ExampleRest.java* > <!-- Begin File --> > @Singleton > @Path("/example") > public class ExampleRest { > > @GET > @Path(value = "/insecure") > public String insecure() { > return "pass"; > } > > @RolesAllowed("admin") > @GET > @Path(value = "/secure") > public String secure() { > return "pass"; > } > } > <!-- End File --> > > *conf/groups.properties:* > <!-- Begin File --> > admin=john > <!-- End File --> > > *conf/users.properties:* > <!-- Begin File --> > john=secret > <!-- End File --> > > *conf/system.properties:* > <!-- Begin File --> > ... > openejb.authentication.realmName=PropertiesLogin > openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper > ... > <!-- End File --> > > *conf/login.config:* > <!-- Begin File --> > PropertiesLogin { > org.apache.openejb.core.security.jaas.PropertiesLoginModule required > Debug=true > UsersFile="users.properties" > GroupsFile="groups.properties"; > }; > <!-- End File --> > > > Chris Christo > > Twitter: https://twitter.com/ChrisChristo7 > Tumblr: http://chrischristo7.tumblr.com > LinkedIn: http://uk.linkedin.com/in/chrischristo > > >
