[jboss-user] [Security & JAAS/JBoss] - Multiple security domains in one EAR

Tuesday, 18 July 2006

Is it possible to have multiple security domains in one EAR?

I have an application that consists of two major components:

1) The main application (user-facing frontend), with a custom LoginModule that auths
against the hibernate store of members.
2) The customer support tool, which auths against our corporate LDAP store using the
LDAPLoginModule.

My (perhaps naive) first pass designing this involves two security domains.  The main
application EJBs have one @SecurityDomain, the customer support EJBs have a different
@SecurityDomain.

Obviously the customer support tool backend EJBs need to communicate with the main user
application EJBs to manipulate user accounts, etc.  What happens when the EJBs associated
with one @SecurityDomain call into the EJBs of a different @SecurityDomain?  I suspect bad
things.

Is there a strategy for making this work?

Thanks,
Jeff

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959004#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-user] [Security & JAAS/JBoss] - Multiple security domains in one EAR