10:37 p.m.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:39 p.m.
New subject: [JBoss JIRA] Updated: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
Richard Kennard updated EJBTHREE-2255:
--------------------------------------
Attachment: SecurityDomainTest.zip
Test EAR created with JBoss Tools. Note the test will fail even though the EJB is
annotated @SecurityDomain( "" ).
If you uncomment the <security-domain/> in jboss.xml it'll work.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:42 p.m.
New subject: [JBoss JIRA] Commented: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
jaikiran pai commented on EJBTHREE-2255:
----------------------------------------
If you just remove the @SecurityDomain, that should mean that the security is disabled.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:51 p.m.
New subject: [JBoss JIRA] Commented: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
Richard Kennard commented on EJBTHREE-2255:
-------------------------------------------
Jaikiran,
Thanks for your response!
I tried that and it didn't work? I'm fairly sure if you remove the @SecurityDomain
it just means 'this class says nothing about whether the EJB is in/not in any
security-domain'.
Richard.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:55 p.m.
New subject: [JBoss JIRA] Commented: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
jaikiran pai commented on EJBTHREE-2255:
----------------------------------------
Hi Richard,
I'm not sure what didn't work. But if a @SecurityDomain is absent from the EJB
(and also from jboss.xml) then it means that it is unsecured. That's how it is
implemented.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
11:12 p.m.
New subject: [JBoss JIRA] Commented: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
[
https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plu...
]
Richard Kennard commented on EJBTHREE-2255:
-------------------------------------------
Sorry, I understand what you mean now!
In my case there *is* a security-domain in jboss.xml. It is a 'top-level'
security-domain, so that I don't have to individually specify a security-domain for
every EJB/MDB in my app.
What I want to do is *remove* the security-domain just for this particular EJB. You can do
this in jboss.xml by putting an empty <security-domain/> against that EJB (see
attached test case). However you can't seem to do the same by putting an empty
annotation @SecurityDomain( "" ) inside the class itself.
I believe this should be supported.
@SecurityDomain has no equivalent for <security-domain/>
--------------------------------------------------------
Key: EJBTHREE-2255
URL: https://issues.jboss.org/browse/EJBTHREE-2255
Project: EJB 3.0
Issue Type: Bug
Environment: JBoss 6.0.0.Final
Reporter: Richard Kennard
Attachments: SecurityDomainTest.zip
Test case attached.
We have found it useful to turn off the security-domain for certain EJBs so that they can
be accessed from unauthenticated clients. We can do this in jboss.xml using
<security-domain /> but not, it seems, from an EJB using the @SessionDomain
annotation.
A @SessionDomain( "" ) is simply ignored.
We're not a big fan of hard-coding security domain names inside EJBs, but it seems
fine to be able to say 'this EJB has no security domain at all'. Should the
annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:55 a.m.
New subject: [JBoss JIRA] (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
6:55 a.m.
New subject: [JBoss JIRA] (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
6:57 a.m.
New subject: [JBoss JIRA] (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
4388
days inactive
4902
days old
8 comments
3 participants
participants (3)
-
Carlo de Wolf (JIRA) -
jaikiran pai (JIRA)
-
Richard Kennard (JIRA)