Jump to: navigation, search


< EclipseLink‎ | Release‎ | 2.4.0/JPA-RS
Revision as of 12:19, 14 May 2012 by Douglas.clarke.oracle.com (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

JPA-RS Security

Securing JPA-RS in GlassFish

The following is an example of how JPA-RS can be secured within an application using standard Java EE configuration combined with the server specific security.

The web application that adds JPA-RS through its inclusion as a web-fragment by placing the JPA-RS libraryy in WEB-INF/lib can also augment their web.xml to control access to the JPA-RS service. An example of this woul look like:

<!-- Securing JPA-RS  -->
	<display-name>JPA-RS Security</display-name>

This configuration will limit all access to JPA-RS to container configured users who have the JPA-RS security role.

GlassFish: sun-web.xml

Within the GlassFish server the additional mapping from Java EE security role to the GlassFish secuity group is required.