[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

Thursday, 25 January 2007

I decided I should go a little further with this and check that the EJB security domain
worked as expected rather than defaulting to "other", even though we aren't
using EJB permissions yet.

It turns out the steps outlined previously work for securing the web pages of the app --
but to have the EJB security domain work as expected, in jboss.xml I need

  | <security-domain>webappDomain</security-domain>
  | 

rather than the expected

  | <security-domain>java:/jaas/webappDomain</security-domain>
  | 

I think this might explain problems like this:

[url]
http://forum.java.sun.com/thread.jspa?threadID=773530
[/url]

Since this is contrary to the documentation, I would consider this a serious bug.  I will
open a JIRA case (though I don't have a good simple test case, I'm afraid.)  I am
running in clustered mode, could that possibly have anything to do with it?

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4006417#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml