Friday 5 March 2010

Glassfish, security, and not thinking of looking at my java.policy file!

OK. So I've been doing some research into areas of the J2EE spec that I have yet to develop with. Particularly EJBs and how the security model can be applied to them. I'm also looking at JAX-WS, which is really nice. I love the convenience of annotating classes and methods in the construction of Web Services rather than having to work directly with WSDL and all the stub classes that have to be populated. Anyway, I digress. I've been using Glassfish to work through some examples and get to grips with how it all fits together. I've created some beans. Yay. And a web service from a stateless session bean. Double Yay!

Then I went on to the security model. Arghhh. I've just wasted nearly a day of development trying to get security realms and authorised access to JSPs and beans working. I've tried file realms and JDBC realms. I've tried with beans and JSPs (as part of an .EAR) and then just JSPs (as a standalone .WAR). I've tried running Glassfish in my IDE and standalone. I've looked at various settings and even questioned whether I actually understand what I'm doing. And then, searching the web, I found this thread:

http://forums.java.net/jive/thread.jspa?messageID=266271

In it 'benk' found that removing:

permission java.security.AllPermission;

from the JDK java.policy file fixed the problem.

Oh, and the problem: I couldn't get authorisation to work. Pages that were configured in the web.xml file to be secure were accessible without logging in.
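Added example, not part of the original post: a small Python check that lists every grant entry in a java.policy file containing java.security.AllPermission and flags the ones with no codeBase, signedBy or principal, which apply to all code. The function names and the sample policy text are made up for this illustration.

```python
import re

# Constructed sample policy (not from the post or from a real install).
SAMPLE_POLICY = r'''// constructed example policy
grant codeBase "file:${{java.ext.dirs}}/*" {
    permission java.security.AllPermission;
};

/* leftover from debugging */
grant {
    permission java.util.PropertyPermission "java.version", "read";
    permission java.security.AllPermission;
};

grant codeBase "http://example.invalid/app/-" {
    // permission java.security.AllPermission;
    permission java.net.SocketPermission "localhost:1024-", "listen";
};
'''

STR = r'"(?:\\.|[^"\\])*"'  # quoted string, so // or { inside it is ignored
TOKEN = re.compile(STR + r'|/\*.*?\*/|//[^\n]*', re.S)
GRANT = re.compile(r'\bgrant\b((?:%s|[^{"])*)\{((?:%s|[^}"])*)\}\s*;' % (STR, STR), re.I)
ALL_PERM = re.compile(r'\bpermission\s+java\.security\.AllPermission\b')


def strip_comments(text):
    """Blank out // and /* */ comments, keeping strings and line breaks."""
    def repl(m):
        tok = m.group()
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return TOKEN.sub(repl, text)


def find_all_permission_grants(policy_text):
    """List grant entries containing AllPermission; empty scope = all code."""
    findings = []
    clean = strip_comments(policy_text)
    for m in GRANT.finditer(clean):
        if ALL_PERM.search(m.group(2)):
            scope = ' '.join(m.group(1).split())
            findings.append({'line': clean.count('\n', 0, m.start()) + 1,
                             'scope': scope, 'applies_to_all_code': scope == ''})
    return findings

if __name__ == '__main__':
    for f in find_all_permission_grants(SAMPLE_POLICY):
        print('line %d: AllPermission, scope: %s' % (f['line'], f['scope'] or 'ALL CODE'))
```

Commented-out permission lines are ignored, so the third grant in the sample is not reported.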

I love forums. And blogs. And the fact that people are willing to spend time helping others out. After all isn't it what the Internet is all about... or should be at least.