[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-703) <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

<security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans ------------------------------------------------------------------------------------------------------------------------- Key: EJBTHREE-703 URL: http://jira.jboss.com/jira/browse/EJBTHREE-703 Project: EJB 3.0 Issue Type: Bug Reporter: David Green Assigned To: Bill Burke Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans. In the jboss-app.xml the security domain is specified as follows: <jboss-app> <security-domain>java:/jaas/hch</security-domain> </jboss-app> In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix). This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one. The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.