5:42 a.m.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public (Everyone can see)
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:44 a.m.
New subject: [JBoss JIRA] Updated: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Galder Zamarreno updated JBWS-2535:
-----------------------------------
Environment: Not sure about components or versions. It's definitely happening in
AS 5.0.0.GA.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:39 p.m.
New subject: [JBoss JIRA] Updated: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Alessio Soldano updated JBWS-2535:
----------------------------------
Component/s: jbossws-integration
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
10:03 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Markus Wilthaner commented on JBWS-2535:
----------------------------------------
Happens in 5.0.1 GA as well
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:08 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Markus Wilthaner commented on JBWS-2535:
----------------------------------------
Note: Does not occur in my environment (5.0.1 GA) if the annotation
org.jboss.security.annotation.SecurityDomain is used instead of
org.jboss.ejb3.annotation.SecurityDomain.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
6:52 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Joshua Davis commented on JBWS-2535:
------------------------------------
This also happens in 5.1.0.GA, and it looks like
org.jboss.security.annotation.SecurityDomain annotation is being ignored. The security
domain seems to be 'other'. Our workaround was to redefine the 'other'
authentication policy to use our login module.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:08 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Zoltan Kiss commented on JBWS-2535:
-----------------------------------
I run into this problem too. JBoss 5.0.1 GA and JBossWS-Native-3.2.2 GA.
But sometimes it works. If I create a dummy plain EJB/WS packaged as simple JAR then it
works:
----
@WebService
public interface HelloBeanLocal {
@WebMethod(operationName="sayHello")
public String sayHello(@WebParam(name = "param1")String param1);
}
----
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebService;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.wsf.spi.annotation.WebContext;
@Stateless(name = "HelloPort")
@WebService(endpointInterface = "hu.fs.ejb.test.HelloBeanLocal")
@SecurityDomain("TestDomain")
@WebContext(authMethod = "BASIC")
public class HelloBean implements HelloBeanLocal {
@javax.annotation.Resource
private SessionContext ctx;
public String sayHello(String param1) {
return "Hello " + param1 + ": " +
ctx.getCallerPrincipal().getName();
}
}
----
This EJB module works for me with the "TestDomain" login config.
But if I try to use this solution in our project (lots of EJB / WS modules, and packaged
multiple JAR-s into one EAR) then it fails with: IllegalStateException: Multiple security
domains not supported
org.jboss.security.annotation.SecurityDomain doesn't works. If I try to use this, then
the "other" login config will be used in every case. So the only workaround that
I found is which Joshua Davis mentioned above: redefine the "other" in the
login-conf.xml
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:48 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://jira.jboss.org/jira/browse/JBWS-2535?page=com.atlassian.jira.plug...
]
Zoltan Kiss commented on JBWS-2535:
-----------------------------------
I figured out that the problem is, that how many EJB/WS do you have in the same
deployment. If multiple, than all of them must share the same SecurityDomain, even if one
(or more of them) is not protected.
Eg. if you have SecuredBean and UnsecuredBean which are SLSBs and WSs too, then you have
to annotate both of them with SecurityDomain, but only SecureBean have to annotated with
WebContext:
---
@Stateless
@WebService(endpointInterface = "test.SecuredBeanLocal")
@SecurityDomain("TestDomain")
@WebContext(authMethod = "BASIC")
public class SecuredBean implements SecuredBeanLocal {
@javax.annotation.Resource
private SessionContext ctx;
@WebMethod(operationName="sayHello")
public String sayHello(String param1) {
return "Hello " + param1 + ": " +
ctx.getCallerPrincipal().getName();
}
}
---
@Stateless
@WebService(endpointInterface = "test.unsecuredBeanLocal")
@SecurityDomain("TestDomain")
public class UnsecuredBean implements UnsecuredBeanLocal {
@WebMethod(operationName="sayHello")
public String sayHello(String param1) {
return "Hello " + param1;
}
}
---
If you ommit the @SecurityDomain annotation on the second Bean then you will receive the
error, because JBossWS wants to link both endpoint (which are in the same web context) to
the same domain; and omitting the @SecurityDomain means that JBoss wants to use the
deafult "other" config, but the other TestDomain was already linked.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://jira.jboss.org/jira/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreno
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:49 p.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://issues.jboss.org/browse/JBWS-2535?page=com.atlassian.jira.plugin....
]
Riccardo Serafin commented on JBWS-2535:
----------------------------------------
Hi,
I've the same problem and I'm poking through the code. I'm looking at
http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossws/container/jboss50/bran...,
which seems to be the last available version for the 3.4.1 native stack.
It seems the code is looking at the security domain of all EJBs, even if they are not
@WebService annotated, which in my case is generating the problem, as my
"normal" EJBs need to use a different security domain from my
"webservice" EJBs.
Moreover, but this is more a question, I'm not getting the point of this check. I
mean, what if I have several web services that need to authenticate from different
security domain? If I understand it correctly, EJB security domain can be set and is
enforced on a per-EJB basis, so what's the need to set a unique security domain at the
web app level?
My solution at the moment, is to create a separate JAR with only the
"webservice" EJBs that need a different security domain, and ensure that all
EJBs in the same jar have the same domain, but it is a little annoying.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://issues.jboss.org/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreño
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:52 a.m.
New subject: [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
[
https://issues.jboss.org/browse/JBWS-2535?page=com.atlassian.jira.plugin....
]
Jesse Sweetland commented on JBWS-2535:
---------------------------------------
I'm getting this in EAP 5.1.0. Only one of my EJBs has @SecurityDomain. I've
tried both "JBossWS" and my custom domain, and I get the error in both cases.
The only way to avoid the error is to remove @SecurityDomain entirely.
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://issues.jboss.org/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreño
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:57 a.m.
New subject: [JBoss JIRA] (JBWS-2535) Multiple security domain check is too overzealous
[
https://issues.jboss.org/browse/JBWS-2535?page=com.atlassian.jira.plugin....
]
Rodrigo Uchoa commented on JBWS-2535:
-------------------------------------
Is there a patch to fix this in 5.1.0?
Multiple security domain check is too overzealous
-------------------------------------------------
Key: JBWS-2535
URL: https://issues.jboss.org/browse/JBWS-2535
Project: JBoss Web Services
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: jbossws-integration
Environment: Not sure about components or versions. It's definitely happening
in AS 5.0.0.GA.
Reporter: Galder Zamarreño
Assignee: Darran Lofthouse
If you mix up EJB3 SLSBs without security domains and SLSBs with
SecurityDomain("other"), and
you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an
exception
similar to this:
Caused by: java.lang.IllegalStateException: Multiple security domains not
supported
at
org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
at
org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
at
org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
at
org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
at
org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
at
org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
at
org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
at
org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
at
org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
at
org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
at
org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
at
org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
... 18 more
The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
4523
days inactive
5757
days old
jbossws-issues@lists.jboss.org
10 comments
8 participants
participants (8)
-
Alessio Soldano (JIRA) -
Galder Zamarreno (JIRA)
-
Jesse Sweetland (JIRA)
-
Joshua Davis (JIRA)
-
Markus Wilthaner (JIRA)
-
Riccardo Serafin (JIRA)
-
Rodrigo Uchoa (JIRA)
-
Zoltan Kiss (JIRA)