0
votes

I have an EAR package with an EJB module and a WAR module. The EJB module has a REST service (RESTEasy, because I deploy on JBoss EAP 7).

The problem is that the REST service and the WAR application share the same context-root.

Example:

http://localhost/context-root/index.html

http://localhost/context-root/rest-api/config/1

The problem is that my WAR app needs login to work, but that doesn't allow me to call the REST API unless I log in on the web as a user.

I think the solution is about servlets, but I cannot figure out how.

This is an extract from my web.xml:

<servlet>
    <servlet-name>future-web</servlet-name>
    <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
    <servlet-name>Push Servlet</servlet-name>
    <servlet-class>org.primefaces.push.PushServlet</servlet-class>
    <init-param>
        <param-name>org.atmosphere.cpr.broadcasterCacheClass</param-name>
        <param-value>org.atmosphere.cache.UUIDBroadcasterCache</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    <async-supported>true</async-supported>
</servlet>
<servlet-mapping>
    <servlet-name>Push Servlet</servlet-name>
    <url-pattern>/primepush/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>future-web</servlet-name>
    <url-pattern>*.xhtml</url-pattern>
</servlet-mapping>

Any help will be appreciated.

Thanks

UPDATE:

This is what I have:

localhost/context-root/index.html

localhost/context-root/rest-api/config/1

This is what I am looking for:

localhost/context-root/index.html

localhost/rest-api/config/1

1
Not sure if you're aware, but the links to localhost will not work on any of our PCs. - Joe C
Yes, I know, the localhost part is just for demonstration purposes. Thanks! - cmd
Did you solve your issue? - thst

1 Answer

0
votes

What kind of login do you want to implement? Form-based or HTTP authentication?

You need to add a security constraint to your web.xml. The following snippet adds two roles, api and application. These roles are added to two resource collections in constraints. Then the login method BASIC is selected.

You can find more information on the topic here: https://docs.oracle.com/cd/E11035_01/wls100/security/thin_client.html#wp1045995

<security-role>
    <role-name>api</role-name>
</security-role>
<security-role>
    <role-name>application</role-name>
</security-role>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
            API Servlet
        </web-resource-name>
        <url-pattern>/primepush/*</url-pattern>
    </web-resource-collection>
    <!-- uncomment constraint to enable authentication for webservice path
    <auth-constraint>
        <role-name>api</role-name>
    </auth-constraint> -->
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>
            Application
        </web-resource-name>
        <!-- extension patterns must start with "*."; "/*.xhtml" would only match that literal path -->
        <url-pattern>*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>application</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Application Login</realm-name>
</login-config>
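
An added example, not part of the answer above: a small Python check that reads a web.xml, classifies each security-constraint url-pattern by the Servlet mapping rules, and reports whether it is open, role-restricted or deny-all. The sample descriptor is constructed (it deliberately includes a "/*.xhtml" pattern), and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two constraints like those on this page, one using "/*.xhtml".
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>API Servlet</web-resource-name>
      <url-pattern>/primepush/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Application</web-resource-name>
      <url-pattern>/*.xhtml</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>application</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def local(tag):  # strip the '{namespace}' prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def pattern_kind(pattern):
    """Classify a url-pattern by the Servlet specification's mapping rules."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        return "path-prefix"
    if pattern.startswith("*."):
        return "extension"
    if pattern == "/":
        return "default"
    return "exact"  # anything else matches one literal path only

def audit(web_xml):
    """Return (pattern, kind, access, suspicious) per url-pattern of each constraint."""
    findings = []
    for sc in (e for e in ET.fromstring(web_xml).iter() if local(e.tag) == "security-constraint"):
        auth = next((e for e in sc if local(e.tag) == "auth-constraint"), None)
        # No auth-constraint: open to everyone. Empty auth-constraint: nobody is allowed.
        roles = None if auth is None else [(r.text or "").strip() for r in auth if local(r.tag) == "role-name"]
        access = "open" if roles is None else "deny-all" if not roles else "roles:" + ",".join(roles)
        for p in (e for e in sc.iter() if local(e.tag) == "url-pattern"):
            text = (p.text or "").strip()
            kind = pattern_kind(text)
            # A '*' in an exact pattern is a literal character, so it protects almost nothing.
            findings.append((text, kind, access, kind == "exact" and "*" in text))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_WEB_XML), sep="\n")
```

A finding whose last field is True marks a pattern that looks like a wildcard but is matched as an exact path, so the pages it was meant to cover stay outside the constraint.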