[
https://issues.jboss.org/browse/AS7-3422?page=com.atlassian.jira.plugin.s...
]
jaikiran pai closed AS7-3422.
-----------------------------
Resolution: Rejected
I'm closing this issue since it isn't a bug but an application configuration issue.
As for the suggestion of logging a WARN when security configurations are used in the
absence of a security domain configuration, that's a good idea but will be addressed
in a different JIRA. Actually there's even a suggestion in that forum thread of adding
an interceptor for handling this.
@RolesAllowed @DenyAll on EJBs does not work
--------------------------------------------
Key: AS7-3422
URL: https://issues.jboss.org/browse/AS7-3422
Project: Application Server 7
Issue Type: Bug
Components: EJB
Affects Versions: 7.1.0.CR1b
Reporter: Gernot P
Assignee: jaikiran pai
I've a war within EJBs. Annotating an EJB method with @RolesAllowed or @DenyAll does
not work as expected - method is executed even if the roles do not match.
I also added @SecurityDomain annotation, which did not change the behaviour.
EJBContext getCallerPrincipal() returns the correct (authenticated) principal, and
isCallerInRole() works fine, but not @RolesAllowed
jboss-web.xml:
<jboss-web><security-domain>formauth</security-domain></jboss-web>
Here's the security-domain part of standalone.xml, which is referenced in the war:
<security-domain name="formauth" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="usersProperties" value="defaultUsers.properties"/>
            <module-option name="rolesProperties" value="defaultRoles.properties"/>
        </login-module>
    </authentication>
</security-domain>
At https://community.jboss.org/message/648047 is a sample war which reproduces the defect