Hi Romain,

Ok yeah adding that property solved the exception mapper issue, thanks for that!

Yeah from an architectural point of view, I would agree that it does make more sense to define your providers for each app in each of their own META-INF/application.properties.

However I still can't get authorized. I try 'curl -G http://john:secret@localhost:4204/ROOT/example/secure' and I just get 'Unauthorized!'. I don't understand why, I have login.config in conf with PropertiesLogin, have my users.properties and group.properties in conf also, and have the 'openejb.authentication.realmName=PropertiesLogin' property in system.properties. As far as I understand this is pretty much everything I have to do to get security working. What am I missing?

Also can you please explain what you did here: https://issues.apache.org/jira/browse/TOMEE-931

Thanks,

Chris Christo

Twitter: https://twitter.com/ChrisChristo7
Tumblr: http://chrischristo7.tumblr.com
LinkedIn: http://uk.linkedin.com/in/chrischristo

On 13 May 2013, at 19:07, Romain Manni-Bucau <[email protected]> wrote:

> FYI: https://issues.apache.org/jira/browse/TOMEE-931
>
> *Romain Manni-Bucau*
> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
> *Blog: http://rmannibucau.wordpress.com/*
> *LinkedIn: http://fr.linkedin.com/in/rmannibucau*
> *Github: https://github.com/rmannibucau*
>
> 2013/5/13 Romain Manni-Bucau <[email protected]>
>
>> adding in system.properties
>>
>> openejb.jaxrs.providers.auto=true
>>
>> will make it work
>>
>> that said a correct packaging (IMO) would be a
>> META-INF/application.properties with the line:
>>
>> openejb.jaxrs.providers=example.EJBAccessExceptionMapper
>>
>> *Romain Manni-Bucau*
>> *Twitter: @rmannibucau <https://twitter.com/rmannibucau>*
>> *Blog: http://rmannibucau.wordpress.com/*
>> *LinkedIn: http://fr.linkedin.com/in/rmannibucau*
>> *Github: https://github.com/rmannibucau*
>>
>> 2013/5/13 Chris.Christo <[email protected]>
>>
>>> Hi,
>>>
>>> I'm trying to setup security access to my rest class.
>>>
>>> You can see below what I have setup. But basically I have a rest class
>>> with two methods, one annotated with @RolesAllowed and one not. I have a
>>> groups.properties file, a users.properties file, a login.config file and a
>>> system.properties file all within the conf/ folder within the server
>>> (OpenEJB standalone 4.6.0-SNAPSHOT) directory.
>>>
>>> I'm using the PropertiesLogin option with JAAS.
>>>
>>> I think I have everything setup correctly, but it doesn't seem to work.
>>> When I curl at localhost:4204/ROOT/example/insecure it works fine, but when
>>> I curl to localhost:4204/ROOT/example/secure (with the correct login
>>> credentials) I keep getting an unauthorised error.
>>>
>>> The other thing is that I have this exception mapper called
>>> 'EJBAccessExceptionMapper' which basically diverts an EJBAccessException to
>>> respond "Unauthorized!". I have added it to system.properties as
>>>
>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>>>
>>> but it doesn't get picked up for some reason?? The server throws an
>>> exception rather than the simple message "Unauthorized!".
>>>
>>> I have attached an example maven project with the below files to
>>> illustrate the problem. There is also a deploy.sh file which kinda
>>> replicates what the maven-tomee-plugin does (but as a script and for the
>>> standalone server and not TomEE). It basically creates a copy of the
>>> OpenEJB standalone server within the target directory, copies the ROOT.jar
>>> (that is created from a mvn package) into apps and also copies over the
>>> src/main/openejb/conf files, and then finally it starts the server.
>>>
>>> So basically unzip and run 'mvn package' and then run 'sh deploy.sh'.
>>> (You must have done a mvn install on the tomee/assembly/openejb-standalone!
>>> prior to this!)
>>>
>>> *example/ExampleRest.java*
>>> <!-- Begin File -->
>>> import javax.annotation.security.RolesAllowed;
>>> import javax.ejb.Singleton;
>>> import javax.ws.rs.GET;
>>> import javax.ws.rs.Path;
>>>
>>> @Singleton
>>> @Path("/example")
>>> public class ExampleRest {
>>>
>>>     // No security annotation: reachable without credentials.
>>>     @GET
>>>     @Path(value = "/insecure")
>>>     public String insecure() {
>>>         return "pass";
>>>     }
>>>
>>>     // Only callers in the "admin" role may invoke this method.
>>>     @RolesAllowed("admin")
>>>     @GET
>>>     @Path(value = "/secure")
>>>     public String secure() {
>>>         return "pass";
>>>     }
>>> }
>>> <!-- End File -->
>>>
>>> *conf/groups.properties:*
>>> <!-- Begin File -->
>>> admin=john
>>> <!-- End File -->
>>>
>>> *conf/users.properties:*
>>> <!-- Begin File -->
>>> john=secret
>>> <!-- End File -->
>>>
>>> *conf/system.properties:*
>>> <!-- Begin File -->
>>> ...
>>> openejb.authentication.realmName=PropertiesLogin
>>> openejb.cxf.jax-rs.providers=example.EJBAccessExceptionMapper
>>> ...
>>> <!-- End File -->
>>>
>>> *conf/login.config:*
>>> <!-- Begin File -->
>>> PropertiesLogin {
>>>     org.apache.openejb.core.security.jaas.PropertiesLoginModule required
>>>     Debug=true
>>>     UsersFile="users.properties"
>>>     GroupsFile="groups.properties";
>>> };
>>> <!-- End File -->
>>>
>>> Chris Christo
>>>
>>> Twitter: https://twitter.com/ChrisChristo7
>>> Tumblr: http://chrischristo7.tumblr.com
>>> LinkedIn: http://uk.linkedin.com/in/chrischristo
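
The setup in this thread chains four files in conf/: system.properties names the realm, login.config maps the realm to a users file and a groups file, and those two files hold the credentials and role membership. The following Python check walks that chain; it is an added example, not part of the original messages or of OpenEJB. It assumes relative file names resolve against conf/, `check_conf` and `make_sample` are hypothetical names, and the sample directory is constructed from the files quoted above.

```python
import re
import tempfile
from pathlib import Path

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_login_config(text, realm):
    """Return the options (UsersFile, GroupsFile, ...) of one JAAS realm entry."""
    m = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(realm), text, re.S)
    pattern = r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)'
    return {k: v.strip('"') for k, v in re.findall(pattern, m.group(1))} if m else None

def check_conf(conf_dir, user, role):
    """Cross-check system.properties, login.config and the users/groups files."""
    conf, problems, loaded = Path(conf_dir), [], {}
    system = parse_properties((conf / "system.properties").read_text())
    realm = system.get("openejb.authentication.realmName")
    if not realm:
        return ["openejb.authentication.realmName is not set"]
    opts = parse_login_config((conf / "login.config").read_text(), realm)
    if opts is None:
        return ["realm %r has no entry in login.config" % realm]
    for opt in ("UsersFile", "GroupsFile"):
        # Assumption: relative names resolve against conf/, where the thread keeps them.
        path = conf / opts.get(opt, "")
        if opt in opts and path.is_file():
            loaded[opt] = parse_properties(path.read_text())
        else:
            problems.append("%s=%r not found in conf dir" % (opt, opts.get(opt)))
    if "UsersFile" in loaded and user not in loaded["UsersFile"]:
        problems.append("user %r missing from users file" % user)
    members = loaded.get("GroupsFile", {}).get(role, "").split(",")
    if "GroupsFile" in loaded and user not in [m.strip() for m in members]:
        problems.append("user %r is not in group %r" % (user, role))
    return problems

def make_sample(groups_name):
    """Constructed conf/ dir mirroring the thread's files; the groups file name varies."""
    conf = Path(tempfile.mkdtemp())
    (conf / "system.properties").write_text("openejb.authentication.realmName=PropertiesLogin\n")
    (conf / "login.config").write_text(
        "PropertiesLogin {\n  org.apache.openejb.core.security.jaas.PropertiesLoginModule required\n"
        '  Debug=true\n  UsersFile="users.properties"\n  GroupsFile="groups.properties";\n};\n')
    (conf / "users.properties").write_text("john=secret\n")
    (conf / groups_name).write_text("admin=john\n")
    return conf
```

An empty list from `check_conf(conf_dir, "john", "admin")` means the four files agree with each other; it says nothing about whether the HTTP layer passes the Basic credentials on to JAAS.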
