[Security & JAAS/JBoss] - EJB Security Question
by apwalker
I am migrating some apps from WebLogic, and it appears that WebLogic takes a different approach to EJB security: if you don't specify a method-permission element in the ejb-jar.xml, it defaults to allowing unchecked access to those methods, whereas in JBoss you have to explicitly mark them as unchecked. This is painful if I have to add every method individually as unchecked when I only want to restrict access to one method.
I can add the following:
| ...
| <method-permission>
|   <unchecked/>
|   <method>
|     <ejb-name>MyEJB</ejb-name>
|     <method-intf>Remote</method-intf>
|     <method-name>*</method-name>
|   </method>
| </method-permission>
| ...
to allow unrestricted access to all methods, but what is the behavior if I do the following:
| ...
| <method-permission>
|   <unchecked/>
|   <method>
|     <ejb-name>MyEJB</ejb-name>
|     <method-intf>Remote</method-intf>
|     <method-name>*</method-name>
|   </method>
| </method-permission>
| <method-permission>
|   <role-name>valid-user</role-name>
|   <method>
|     <ejb-name>MyEJB</ejb-name>
|     <method-intf>Remote</method-intf>
|     <method-name>secureMethod</method-name>
|   </method>
| </method-permission>
| ...
Does this restrict access to users with a "valid-user" role or does the unchecked with the wildcard allow anyone to access the secureMethod?
I will implement a test case to find out and post my findings, but I am interested to find out what the semantic behavior is supposed to be.
Oh, if you want, I can post this in the EJB forum if you think that's a more relevant location for this post.
cheers,
Aaron
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024106#4024106
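An added example, not part of the original post and not JBoss code: a Python check that flags the configuration asked about above, where a role-restricted method is also covered by an `<unchecked/>` entry for the same bean, so such descriptors can be reviewed before deployment. The sample is the post's second fragment wrapped in constructed `ejb-jar`/`assembly-descriptor` elements; `find_overlaps` is a hypothetical helper name, and overloads distinguished by `method-params` are compared by name only.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's second fragment inside the enclosing
# elements a complete ejb-jar.xml would have.
SAMPLE = """<ejb-jar><assembly-descriptor>
  <method-permission>
    <unchecked/>
    <method><ejb-name>MyEJB</ejb-name><method-intf>Remote</method-intf>
      <method-name>*</method-name></method>
  </method-permission>
  <method-permission>
    <role-name>valid-user</role-name>
    <method><ejb-name>MyEJB</ejb-name><method-intf>Remote</method-intf>
      <method-name>secureMethod</method-name></method>
  </method-permission>
</assembly-descriptor></ejb-jar>"""

def find_overlaps(xml_text):
    """Return (ejb, interface, method, roles) for each role-restricted method
    that an <unchecked/> entry for the same bean also covers."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop any XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    unchecked, restricted = set(), []
    for perm in root.iter("method-permission"):
        roles = sorted((r.text or "").strip() for r in perm.findall("role-name"))
        is_unchecked = perm.find("unchecked") is not None
        for m in perm.findall("method"):
            key = ((m.findtext("ejb-name") or "").strip(),
                   (m.findtext("method-intf") or "").strip(),  # "" = every interface
                   (m.findtext("method-name") or "").strip())
            if is_unchecked:
                unchecked.add(key)
            if roles:
                restricted.append((key, roles))
    hits = []
    for (ejb, intf, name), roles in restricted:
        for u_ejb, u_intf, u_name in unchecked:
            same_intf = "" in (u_intf, intf) or u_intf == intf
            if u_ejb == ejb and same_intf and u_name in ("*", name):
                hits.append((ejb, intf, name, roles))
                break
    return hits

if __name__ == "__main__":
    for ejb, intf, name, roles in find_overlaps(SAMPLE):
        print(f"{ejb}.{name} [{intf}]: roles {roles} overlap an <unchecked/> entry")
```

The script only reports the overlap; which entry takes effect is the question the post leaves open.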
[Beginners Corner] - deployment problem
by ronakparikh
Hi, I'm deploying my application over JBoss and I got the following exception:
Deploying:file:/C:/jboss_tomcat/jboss/tmp/deploy/Default/omsserver.ear
failed to load jboss.xml. There could be a syntax error.
org.jboss.ejb.DeploymentException: Error in jboss.xml for Bean BillingSimulator: found in jboss.xml but not in ejb-jar.xml
at org.jboss.metadata.ApplicationMetaData.importJbossXml(ApplicationMetaData.java:387)
at org.jboss.metadata.XmlFileLoader.load(XmlFileLoader.java:177)
at org.jboss.ejb.ContainerFactory.deploy(ContainerFactory.java:438)
at org.jboss.ejb.ContainerFactory.deploy(ContainerFactory.java:369)
at org.jboss.ejb.ContainerFactory.deploy(ContainerFactory.java:304)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke
I mentioned BillingSimulator in both ejb-jar.xml and Jboss.xml,
but I'm not able to understand why this is happening.
If anybody knows... PLEASE HELP ME.
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024103#4024103