[jboss-jira] [JBoss JIRA] Updated: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
Richard Kennard updated EJBTHREE-2255:
--------------------------------------
Attachment: SecurityDomainTest.zip
Test EAR created with JBoss Tools. Note the test will fail even though the EJB is
annotated @SecurityDomain( "" ).
If you uncomment the <security-domain/> in jboss.xml it'll work.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira