[jboss-user] [Security & JAAS/JBoss] - Re: Security chptr says ejb-jar.xml. But EJB3 has no ejb-jar

Markus.Wahl do-not-reply at jboss.com
Wed Jul 19 06:29:03 EDT 2006


so this is what I tried:

* renaming the "other" application policy of file login-config.xml (residing in the AS conf dir) to "mine" (in order to make sure that the default security domain "other" does not kick in)

* editing jboss-app.xml:

    <jboss-app>
      <security-domain>java:/jaas/other</security-domain>
      <loader-repository>name:app=ejb3</loader-repository>
    </jboss-app>

* removing the @SecurityDomain annotation from my bean

when I try this, all the roles defined in web.xml are allowed access to my jsp files (this was expected). but all users get access to my ejb bean. I define two roles in web.xml, but only one of those roles is mentioned in my ejb bean using the @RolesAllowed annotation.

when I try with a user of the role not mentioned by @RolesAllowed while the "mine" security domain is not configured, all is fine: the user doesn't get to use the ejb bean.

so what am I missing? is the ejb layer security being set aside just because I use another name for my security domain? hardly; it must be that I have configured something amiss. but what? do you know, cgriffith?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959078#3959078
