I have an EJB web service (which uses @RolesAllowed at method level) and a RESTful web service on GlassFish. I want to configure user authentication for both.
I want to log every client call to a log file. I want to log successful logins, failed logins, and also log if the user is not authorized to call a specific EJB web service method based on @RolesAllowed. What do I need to do for this?
I think there are two methods to do this. Either I implement a custom realm in GlassFish, but in that case I don't know how I can log on the basis of @RolesAllowed. The other way is that if the user enters wrong login details, then she must be given access to my service as an anonymous user, and then I'll log the message in the service methods. What do you think about these approaches? Is there any other way to implement the login?