FYI: https://issues.apache.org/jira/browse/TOMEE-931
*Romain Manni-Bucau*
*Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
*Blog: http://rmannibucau.wordpress.com/*
*LinkedIn: http://fr.linkedin.com/in/rmannibucau*
*Github: https://github.com/rmannibucau*

2013/5/13 Romain Manni-Bucau <[email protected]>

> adding in system.properties
>
> openejb.jaxrs.providers.auto=true
>
> will make it work
>
> that said a correct packaging (IMO) would be a
> META-INF/application.properties with the line:
>
> openejb.jaxrs.providers=example.EJBAccessExceptionMapper
>
> 2013/5/13 Chris.Christo <[email protected]>
>
>> Hi,
>>
>> I'm trying to set up security access to my rest class.
>>
>> You can see below what I have set up. But basically I have a rest class
>> with two methods, one annotated with @RolesAllowed and one not. I have a
>> groups.properties file, a users.properties file, a login.config file and a
>> system.properties file all within the conf/ folder within the server
>> (OpenEJB standalone 4.6.0-SNAPSHOT) directory.
>>
>> I'm using the PropertiesLogin option with JAAS.
>>
>> I think I have everything set up correctly, but it doesn't seem to work.
>> When I curl at localhost:4204/ROOT/example/insecure it works fine, but when
>> I curl to localhost:4204/ROOT/example/secure (with the correct login
>> credentials) I keep getting an unauthorised error.
>>
>> The other thing is that I have this exception mapper called
>> 'EJBAccessExceptionMapper' which basically diverts an EJBAccessException to
>> respond "Unauthorized!". I have added it to system.properties as
>>
>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>>
>> but it doesn't get picked up for some reason?? The server throws an
>> exception rather than the simple message "Unauthorized!".
>>
>> I have attached an example maven project with the below files to
>> illustrate the problem. There is also a deploy.sh file which kinda
>> replicates what the maven-tomee-plugin does (but as a script and for the
>> standalone server and not TomEE). It basically creates a copy of the
>> OpenEJB standalone server within the target directory, copies the ROOT.jar
>> (that is created from a mvn package) into apps and also copies over the
>> src/main/openejb/conf files, and then finally it starts the server.
>>
>> So basically unzip and run 'mvn package' and then run 'sh deploy.sh'.
>> (You must have done a mvn install on the tomee/assembly/openejb-standalone!
>> prior to this!)
>>
>> *example/ExampleRest.java*
>> <!-- Begin File -->
>> @Singleton
>> @Path("/example")
>> public class ExampleRest {
>>
>>     @GET
>>     @Path(value = "/insecure")
>>     public String insecure() {
>>         return "pass";
>>     }
>>
>>     @RolesAllowed("admin")
>>     @GET
>>     @Path(value = "/secure")
>>     public String secure() {
>>         return "pass";
>>     }
>> }
>> <!-- End File -->
>>
>> *conf/groups.properties:*
>> <!-- Begin File -->
>> admin=john
>> <!-- End File -->
>>
>> *conf/users.properties:*
>> <!-- Begin File -->
>> john=secret
>> <!-- End File -->
>>
>> *conf/system.properties:*
>> <!-- Begin File -->
>> ...
>> openejb.authentication.realmName=PropertiesLogin
>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>> ...
>> <!-- End File -->
>>
>> *conf/login.config:*
>> <!-- Begin File -->
>> PropertiesLogin {
>>     org.apache.openejb.core.security.jaas.PropertiesLoginModule required
>>         Debug=true
>>         UsersFile="users.properties"
>>         GroupsFile="groups.properties";
>> };
>> <!-- End File -->
>>
>> Chris Christo
>>
>> Twitter: https://twitter.com/ChrisChristo7
>> Tumblr: http://chrischristo7.tumblr.com
>> LinkedIn: http://uk.linkedin.com/in/chrischristo
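
The thread names the `example.EJBAccessExceptionMapper` class but never shows it. The following is an added example, not the poster's code or the project's own, of what such a provider could look like. The 401/403 split, the HTTP Basic challenge and the reliance on an injected `SecurityContext` are assumptions of this example; only the class name, the realm name and the "Unauthorized!" body come from the thread.

```java
package example;

import javax.ejb.EJBAccessException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Added example: maps the EJBAccessException raised by a failed
// @RolesAllowed check to a plain HTTP response instead of a stack trace.
@Provider
public class EJBAccessExceptionMapper implements ExceptionMapper<EJBAccessException> {

    // Realm name taken from openejb.authentication.realmName in the thread.
    // Assumption: clients authenticate with HTTP Basic.
    private static final String CHALLENGE = "Basic realm=\"PropertiesLogin\"";

    // Assumption: the container populates the JAX-RS SecurityContext
    // with the authenticated caller, if there is one.
    @Context
    private SecurityContext securityContext;

    @Override
    public Response toResponse(final EJBAccessException exception) {
        final boolean anonymous =
                securityContext == null || securityContext.getUserPrincipal() == null;

        // No accepted credentials: challenge. Known caller lacking the role: forbid.
        final Response.ResponseBuilder builder = anonymous
                ? Response.status(Response.Status.UNAUTHORIZED)
                          .header(HttpHeaders.WWW_AUTHENTICATE, CHALLENGE)
                : Response.status(Response.Status.FORBIDDEN);

        // Fixed body: the exception message is never echoed to the client.
        return builder.type(MediaType.TEXT_PLAIN).entity("Unauthorized!").build();
    }
}
```

The class is registered with the `openejb.jaxrs.providers=example.EJBAccessExceptionMapper` line in `META-INF/application.properties` given in the reply above.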
