Yeah, I tried stripping everything down and I couldn't find a way to secure the remote
interface only. Perhaps I'm doing something wrong, but the method in this class, for
example:
    @Remote
    @SecurityDomain("mydomain")
    public interface RemoteTestEJB3InterfaceSecured extends TestEJB3InterfaceSecured {
        @RolesAllowed("admin")
        void doSecure();
    }
can be called by remote callers without having to authenticate, unless security is also
placed on the implementation bean.
I couldn't find a section of the spec that mentions this, either.
Kind of disappointing that I can't place security restrictions on remote callers
exclusively.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960446#...
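
An added example, not part of the original post: a reflection check that flags business-interface methods whose security annotation is not repeated on the implementing bean, the situation the post reports as leaving doSecure() callable without authentication. The class name InterfaceOnlySecurityAudit, the method findUnenforced, the two sample beans and the stand-in RolesAllowed annotation are constructed for illustration; annotations are matched by simple name so the real javax or jakarta ones are recognized as well.

```java
import java.lang.annotation.*;
import java.lang.reflect.Method;
import java.util.*;

public class InterfaceOnlySecurityAudit {
    // Matched by simple name so javax.* and jakarta.* annotations both count.
    static final Set<String> SECURITY = Set.of("RolesAllowed", "PermitAll", "DenyAll");

    static boolean secured(Annotation[] annotations) {
        for (Annotation a : annotations)
            if (SECURITY.contains(a.annotationType().getSimpleName())) return true;
        return false;
    }

    /** Interface methods with a security annotation that the bean class does not repeat. */
    static List<String> findUnenforced(Class<?> bean) throws NoSuchMethodException {
        List<String> findings = new ArrayList<>();
        if (secured(bean.getAnnotations())) return findings; // class-level rule covers every method
        Deque<Class<?>> todo = new ArrayDeque<>(Arrays.asList(bean.getInterfaces()));
        while (!todo.isEmpty()) {
            Class<?> iface = todo.pop();
            todo.addAll(Arrays.asList(iface.getInterfaces())); // walk super-interfaces too
            for (Method m : iface.getDeclaredMethods()) {
                if (!secured(m.getAnnotations())) continue;
                // Method annotations are not inherited, so this sees only the bean's own.
                Method impl = bean.getMethod(m.getName(), m.getParameterTypes());
                if (!secured(impl.getAnnotations()))
                    findings.add(iface.getSimpleName() + "." + m.getName());
            }
        }
        return findings;
    }

    // Constructed sample: stand-in annotation and beans named after the post's interface.
    @Retention(RetentionPolicy.RUNTIME) @interface RolesAllowed { String[] value(); }
    interface TestEJB3InterfaceSecured { void doSecure(); }
    interface RemoteTestEJB3InterfaceSecured extends TestEJB3InterfaceSecured {
        @RolesAllowed("admin") void doSecure();
    }
    public static class InterfaceOnlyBean implements RemoteTestEJB3InterfaceSecured {
        public void doSecure() {}
    }
    public static class AnnotatedBean implements RemoteTestEJB3InterfaceSecured {
        @RolesAllowed("admin") public void doSecure() {}
    }

    public static void main(String[] args) throws Exception {
        System.out.println(findUnenforced(InterfaceOnlyBean.class)); // bean without annotations
        System.out.println(findUnenforced(AnnotatedBean.class));     // bean repeating the rule
    }
}
```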