[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Zoltan Kiss commented on JBWS-2535:
-----------------------------------
I figured out that the problem is, that how many EJB/WS do you have in the same
deployment. If multiple, than all of them must share the same SecurityDomain, even if one
(or more of them) is not protected.
Eg. if you have SecuredBean and UnsecuredBean which are SLSBs and WSs too, then you have
to annotate both of them with SecurityDomain, but only SecureBean have to annotated with
WebContext:
---
@Stateless
@WebService(endpointInterface = "test.SecuredBeanLocal")
@SecurityDomain("TestDomain")
@WebContext(authMethod = "BASIC")
public class SecuredBean implements SecuredBeanLocal {
@javax.annotation.Resource
private SessionContext ctx;
@WebMethod(operationName="sayHello")
public String sayHello(String param1) {
return "Hello " + param1 + ": " +
ctx.getCallerPrincipal().getName();
}
}
---
@Stateless
@WebService(endpointInterface = "test.unsecuredBeanLocal")
@SecurityDomain("TestDomain")
public class UnsecuredBean implements UnsecuredBeanLocal {
@WebMethod(operationName="sayHello")
public String sayHello(String param1) {
return "Hello " + param1;
}
}
---
If you ommit the @SecurityDomain annotation on the second Bean then you will receive the
error, because JBossWS wants to link both endpoint (which are in the same web context) to
the same domain; and omitting the @SecurityDomain means that JBoss wants to use the
deafult "other" config, but the other TestDomain was already linked.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL:
https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira