<security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans ------------------------------------------------------------------------------------------------------------------------- Key: JBAS-3624 URL: http://jira.jboss.com/jira/browse/JBAS-3624 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: EJB3 Affects Versions: JBossAS-4.0.4.GA Reporter: David Green Assigned To: Bill Burke Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans. In the jboss-app.xml the security domain is specified as follows: <jboss-app> <security-domain>java:/jaas/hch</security-domain> </jboss-app> In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix). This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one. The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira