[
https://issues.jboss.org/browse/JBWS-2535?page=com.atlassian.jira.plugin....
]
Riccardo Serafin commented on JBWS-2535:
----------------------------------------
Hi,
I've the same problem and I'm poking through the code. I'm looking at
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossws/container/jboss50/bran...,
which seems to be the last available version for the 3.4.1 native stack.
It seems the code is looking at the security domain of all EJBs, even if they are not
@WebService annotated, which in my case is generating the problem, as my
"normal" EJBs need to use a different security domain from my
"webservice" EJBs.
Moreover, but this is more a question, I'm not getting the point of this check. I
mean, what if I have several web services that need to authenticate from different
security domain? If I understand it correctly, EJB security domain can be set and is
enforced on a per-EJB basis, so what's the need to set a unique security domain at the
web app level?
My solution at the moment, is to create a separate JAR with only the
"webservice" EJBs that need a different security domain, and ensure that all
EJBs in the same jar have the same domain, but it is a little annoying.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL:
https://issues.jboss.org/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder ZamarreƱo
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira