[jbossws-issues] [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
Zoltan Kiss (JIRA)
jira-events at lists.jboss.org
Fri Jan 22 06:08:19 EST 2010
[ https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12507696#action_12507696 ]
Zoltan Kiss commented on JBWS-2535:
-----------------------------------
I run into this problem too. JBoss 5.0.1 GA and JBossWS-Native-3.2.2 GA.
But sometimes it works. If I create a dummy plain EJB/WS packaged as simple JAR then it works:
----
@WebService
public interface HelloBeanLocal {
@WebMethod(operationName="sayHello")
public String sayHello(@WebParam(name = "param1")String param1);
}
----
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.wsf.spi.annotation.WebContext;
@Stateless(name = "HelloPort")
@WebService(endpointInterface = "hu.fs.ejb.test.HelloBeanLocal")
@SecurityDomain("TestDomain")
@WebContext(authMethod = "BASIC")
public class HelloBean implements HelloBeanLocal {
@javax.annotation.Resource
private SessionContext ctx;
public String sayHello(String param1) {
return "Hello " + param1 + ": " + ctx.getCallerPrincipal().getName();
}
}
----
This EJB module works for me with the "TestDomain" login config.
But if I try to use this solution in our project (lots of EJB / WS modules, and packaged multiple JAR-s into one EAR) then it fails with: IllegalStateException: Multiple security domains not supported
org.jboss.security.annotation.SecurityDomain doesn't works. If I try to use this, then the "other" login config will be used in every case. So the only workaround that I found is which Joshua Davis mentioned above: redefine the "other" in the login-conf.xml
> Multiple security domain check is too overzealous
> -------------------------------------------------
>
> Key: JBWS-2535
> URL: https://jira.jboss.org/jira/browse/JBWS-2535
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: jbossws-integration
> Environment: Not sure about components or versions. It's definitely happening in AS 5.0.0.GA.
> Reporter: Galder Zamarreno
> Assignee: Darran Lofthouse
>
> If you mix up EJB3 SLSBs without security domains and SLSBs with SecurityDomain("other"), and
> you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an exception
> similar to this:
> Caused by: java.lang.IllegalStateException: Multiple security domains not supported
> at org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
> at org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
> at org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
> at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
> at org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
> at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
> at org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
> at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
> at org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
> at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
> at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
> ... 18 more
> The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list