EclipseLink/Release/2.4.0/JPA-RS/Security
Revision as of 13:19, 14 May 2012 by Unnamed Poltroon
JPA-RS Security
Securing JPA-RS in GlassFish
The following is an example of how JPA-RS can be secured within an application using standard Java EE configuration combined with server-specific security configuration.
A web application that adds JPA-RS as a web-fragment, by placing the JPA-RS library in WEB-INF/lib, can also augment its web.xml to control access to the JPA-RS service. An example of this would look like:
<!-- Securing JPA-RS -->
<security-constraint>
    <display-name>JPA-RS Security</display-name>
    <web-resource-collection>
        <web-resource-name>JPARSPermissions</web-resource-name>
        <url-pattern>/persistence/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>PUT</http-method>
        <http-method>POST</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>JPA-RS</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>file</realm-name>
</login-config>
<security-role>
    <role-name>JPA-RS</role-name>
</security-role>
This configuration limits access to JPA-RS through the listed HTTP methods to container-configured users who have the JPA-RS security role.
GlassFish: sun-web.xml
Within the GlassFish server, an additional mapping from the Java EE security role to the GlassFish security group is required.
<security-role-mapping>
    <role-name>JPA-RS</role-name>
    <group-name>JPA-RS</group-name>
</security-role-mapping>
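A deployment check for the two descriptors above, as an added example that is not part of the EclipseLink documentation. It reports three things worth reviewing before release: a constraint that lists http-method elements applies only to those methods, BASIC credentials are only base64-encoded so the constraint should also require a CONFIDENTIAL transport guarantee, and every role in an auth-constraint needs both a security-role declaration and a GlassFish group mapping. The function name audit, the finding texts and the root elements wrapped around the page's fragments are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptors: the page's fragments wrapped in root elements.
WEB_XML = """<web-app><security-constraint><web-resource-collection>
  <url-pattern>/persistence/*</url-pattern>
  <http-method>GET</http-method><http-method>PUT</http-method>
  <http-method>POST</http-method><http-method>DELETE</http-method>
 </web-resource-collection>
 <auth-constraint><role-name>JPA-RS</role-name></auth-constraint></security-constraint>
<login-config><auth-method>BASIC</auth-method><realm-name>file</realm-name></login-config>
<security-role><role-name>JPA-RS</role-name></security-role></web-app>"""
SUN_WEB_XML = """<sun-web-app><security-role-mapping>
 <role-name>JPA-RS</role-name><group-name>JPA-RS</group-name>
</security-role-mapping></sun-web-app>"""


def _parse(xml_text):
    """Parse a descriptor, dropping namespaces so plain tag names always match."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def audit(web_xml, sun_web_xml):
    """Return sorted findings for a web.xml / sun-web.xml pair."""
    web, sun = _parse(web_xml), _parse(sun_web_xml)
    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    mapped = {r.text.strip() for r in sun.findall("security-role-mapping/role-name")}
    basic = any(a.text.strip() == "BASIC" for a in web.findall("login-config/auth-method"))
    findings = []
    for sc in web.findall("security-constraint"):
        where = ",".join(p.text.strip() for p in sc.iter("url-pattern"))
        methods = sorted(m.text.strip() for m in sc.iter("http-method"))
        if methods:  # listing methods leaves every unlisted method unconstrained
            findings.append(f"{where}: only {'/'.join(methods)} constrained")
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE").strip()
        if basic and guarantee != "CONFIDENTIAL":  # BASIC credentials are only base64-encoded
            findings.append(f"{where}: BASIC auth without CONFIDENTIAL transport")
        for r in sc.findall("auth-constraint/role-name"):
            role = r.text.strip()
            if role != "*" and role not in declared:
                findings.append(f"{where}: role {role} has no security-role")
            if role != "*" and role not in mapped:
                findings.append(f"{where}: role {role} has no group mapping")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, SUN_WEB_XML)))
```

Removing the http-method elements and adding a user-data-constraint with a transport-guarantee of CONFIDENTIAL to the security-constraint clears the first two findings; where TLS is terminated in front of the server, treat the transport finding as a prompt to confirm that path.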