[jboss-jira] [JBoss JIRA] (AS7-3888) Deployment provided login modules for security domains are not accessible to remote invocation

[ https://issues.jboss.org/browse/AS7-3888?page=com.atlassian.jira.plugin.s... ] Jason Greene closed AS7-3888. ----------------------------- Fix Version/s: No Release (was: 7.1.2.Final) Resolution: Rejected This is by design (explanation to follow). Although instead of modifying the security module, the best approach is to define a new static module with its own jar (placing it in the modules dir) and reference it using the module="" tag in the security domain login module stack. The reason it is not possible to use application classes is that remoting connections perform authentication once during the negotiation phase of the connection, and all subsequent ejb (or jndi etc) invocations share the same connection. So an authenticated connection can potentially span an arbitrary number of applications, and that information can not be known at the time of authentication. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira