Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?
HTTP 500 is a server error, so the error is likely to occur in the server implementation.
If you want to set breakpoints etc, then you should do it in the RESTful service implementation class that is supposed to handle the request (DELETE in your case).
Have you had a look in the GlassFish log? Isn't there any exception there?
Have you tried to create a UserProfiles object that is not attached to any persistence context, copying the data from the UserProfiles object, make modifications and then return the new UserProfiles object?
So I guess that a servlet filter is the only option with a RESTful web service.
Try removing the LockoutRealm outer Realm definition from server.xml.
Also, make sure that the tomcat-users.xml file hasn't accidentally been given file access rights that keep it from being readable by Tomcat.
You might also find useful messages in the logs/localhost log file or logs/catalina.out file.
The tomcat-users.xml file supplied with Tomcat doesn't have any admin stuff set up, and as far as I can remember, that includes the role names, so yes, you'd have to add the ones that people will be using.
I suspect that you may need to define and assign the manager-status role as well as the manager-ui role before you can effectively use the manager app.
If you can login but you get "forbidden" pages, then your role assignments aren't all set up the way you need them to be
your role set doesn't include the URL of the page you're trying to access.
I'm not quite sure what you're asking here.
It sound like you have a working solution but you're hoping for a shortcut?
Roles are defined in web.xml.
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>
Incidentally, one of the reasons that tomcat-users.xml isn't recommended for production environments is that the Realm that uses it (MemoryRealm) loads in the entries when Tomcat starts up and does not monitor for changes to that file. To see the roles change, Tomcat has to be restarted
When a more dynamic Realm is used, such as a JDBCRealm or LDAP Realm, the roles a user has are determined at login time, so to get the changes, Tomcat doesn't have to be restarted.