Adam Kovari created JBWS-3492:
Summary: EJB WS authentication not working when using "strict"
allRolesMode in server.xml Realm
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Environment: JBoss Enterprise Application Platform 5.1.2, both WS-native and
Reporter: Adam Kovari
The customer needs to use "strict" mode on Realm in server.xml. By documentation
it requires web.xml, however when using EJB Web Services there is no web.xml. Where does
it pick authorization configuration from? ejb-jar.xml clearly not but I'm trying to
figure out whether it's bug or feature. Please note that using annotations like
@RolesRequired and @SecurityDomain is not considered here.
I'm attaching example project web-service-test-app2.ear and jboss_config.zip.
I have also example project when using POJO WS with web.xml. Then authorization works fine
even with "strict" mode. Please request if interested.
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
For more information on JIRA, see: http://www.atlassian.com/software/jira