[
https://issues.jboss.org/browse/WFLY-959?page=com.atlassian.jira.plugin.s...
]
Darran Lofthouse commented on WFLY-959:
---------------------------------------
Actually we have now moved on from the position where Jaikiran made that last comment - we
are planning additional support for an authentication to be possible after the connection
to the server has been established, the authenticated identity will then be usable for
invocations to an EJB - a client will also potentially be able to establish multiple
authentication 'sessions' and switch between them at will for invocations over the
single connection.

Allow more flexibility in the way EJB authentication is handled with regards to remoting and security-realms
------------------------------------------------------------------------------------------------------------
Key: WFLY-959
URL: https://issues.jboss.org/browse/WFLY-959
Project: WildFly
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: EJB
Reporter: Derek Horton
Assignee: David Lloyd

My confusion is around the remoting/security-realm setup in the use case
where multiple EJBs are deployed that use different security-domains and
the EJBs will be invoked by remote standalone clients. For example,
ejbX needs to be in the sec-domain-X security-domain, while ejbY needs to
be in the sec-domain-Y security-domain.

In this situation, the authentication checks are going to be handled by
the security-realm that is associated with the remote connector that is
configured to be used by the EJB subsystem.

It looks like the security-realm can either handle the authentication
checks directly (properties file, LDAP, etc.) or it can defer to the
JAAS security-domain. In both of those situations, it seems that the
EJBs are limited to a single authentication point. The EJB
authentication is either going to be handled by a single security-realm
or the security-realm will defer to a single security-domain.

I could configure the security-domain to have multiple login modules. I
assume the same thing could be done with the security-realm.

Basically the problem that I am trying to solve boils down to this: the
authentication checks for remote EJBs appear to be checked by either a
single security-realm or a single security-domain. Is there a way to
change this?

One idea I had was to add another remote connector to the EJB subsystem.
Unfortunately, this does not appear to be possible.
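
The single authentication point described in the issue, sketched as an added configuration fragment (not taken from the issue or from the WildFly project). It assumes an AS 7.1-style standalone.xml layout with namespaces omitted; the realm and connector names and the `UsersRoles` login modules are illustrative assumptions, while `sec-domain-X` and `sec-domain-Y` are the names used in the description.

```xml
<!-- Added illustration; fragments of standalone.xml, namespaces omitted. -->

<!-- 1. One security-realm. It either authenticates directly
        (properties file, LDAP) or defers to ONE JAAS security-domain. -->
<security-realm name="ApplicationRealm">              <!-- assumed name -->
    <authentication>
        <jaas name="sec-domain-X"/>
    </authentication>
</security-realm>

<!-- 2. The remoting connector is bound to that one realm. -->
<subsystem> <!-- remoting -->
    <connector name="remoting-connector"              
               socket-binding="remoting"
               security-realm="ApplicationRealm"/>
</subsystem>

<!-- 3. The EJB subsystem references exactly one connector, so every
        remote EJB client connection is authenticated by the realm above,
        whichever EJB is invoked afterwards. -->
<subsystem> <!-- ejb3 -->
    <remote connector-ref="remoting-connector" thread-pool-name="default"/>
</subsystem>

<!-- 4. Two security-domains exist, and ejbX / ejbY each declare their own
        (for example with @SecurityDomain), but only sec-domain-X sits on
        the connection authentication path configured in steps 1 to 3. -->
<subsystem> <!-- security -->
    <security-domains>
        <security-domain name="sec-domain-X" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required"/> <!-- assumed -->
            </authentication>
        </security-domain>
        <security-domain name="sec-domain-Y" cache-type="default">
            <authentication>
                <login-module code="UsersRoles" flag="required"/> <!-- assumed -->
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
```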