EJB3: Lack of security domain in JBoss DD does not bypass security ------------------------------------------------------------------ Key: JBAS-5961 URL: https://jira.jboss.org/jira/browse/JBAS-5961 Project: JBoss Application Server Issue Type: Feature Request Security Level: Public (Everyone can see) Components: EJB2 Affects Versions: JBossAS-5.0.0.CR1 Reporter: Anil Saldhana Assignee: Anil Saldhana Fix For: JBossAS-5.0.0.GA Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message. But if there is presence of security meta data for the deployment (EJB2 method perms in ejb-jar.xml), there is an expectation of security enforcement. In this case, we need to default the security domain to "other". -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira