[
http://jira.jboss.com/jira/browse/EJBTHREE-281?page=comments#action_12370243 ]
Abhishek Prakash commented on EJBTHREE-281:
-------------------------------------------
This was actually a bug. Releases 4.2.0 onwards have the fix for the bug.
Allow a default <security-domain> element in jboss.xml
------------------------------------------------------
Key: EJBTHREE-281
URL:
http://jira.jboss.com/jira/browse/EJBTHREE-281
Project: EJB 3.0
Issue Type: Feature Request
Affects Versions: EJB 3.0 RC3
Environment: - Jboss 4.0.3RC1, installed with the installer using the all
configuration
- Windows 2000
Reporter: Eyal Lupu
Assigned To: William DeCoste
Fix For: EJB 3.0 RC3
I'm using the DatabaseServerLoginModule to map principal and roles (client uses
ClientLoginModule)
I have a one SLSB with the following security definitions:
@SecurityDomain("testApp-server")
public class....... {
@RolesAllowed("admin")
public int add(int a, int b) {...}
}
Everything works fine - but I want to move the security domain's declaration to the
DD:
I removed the '@SecurityDomain' annotation and added a
<security-domain>java:/jaas/testApp-server</security-domain> element to my
jboss-app.xml file.
It doesn't work - everyone can access my "secured" method.
Additional tests I did:
A. I know that the jboss-app.xml is being loaded since I added a service module (SAR)
into it - and it is being loaded
B. I tried to replace the name of the security domain with an none-exist security domain
and again
nothing happends (not even an error message)
C. I tried both static login configuration (server/conf/login-config.xml) and a dynamic
one (using the
DynamicLoginConfig) - yet, nothing happends
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira