[jboss-as7-dev] Wrong SecurityManagement/AuthenticationManager

Anil Saldhana Anil.Saldhana at redhat.com
Wed Dec 7 14:01:27 EST 2011


This may be due to EJB3 security using the SimpleSecurityManager class 
that Carlo coded.
https://github.com/anilsaldhana/jboss-as/blob/master/security/src/main/java/org/jboss/as/security/service/SimpleSecurityManager.java

There may be a missing link to the JBossCachedAuthenticationManager 
inside the security subsystem.

On 11/28/2011 10:05 AM, Anil Saldhana wrote:
> Ok, we will check this out.
> We want the JBossCachedAM in all cases.
>
> On 11/27/2011 01:21 PM, Dieter Tengelmann wrote:
>> Hi,
>>
>> I've configured my security-domain with cache-type="default" in the
>> standalone.xml, an instance of JBossCachedAuthenticationManager is
>> initialized correctly via JNDIBasedSecurityManagement, but my
>> application is permanently authenticating via the JAAS login module. I
>> realized that "JBossAuthenticationManager" is used in all EJB parts,
>> only the JBOSS web realm is using the
>> JBossCachedAuthenticationManager...
>>
>> JBossSecurityContext.getAuthenticationManager() delivers via
>> "DefaultSecurityManagement" an instance of
>> JBossAuthenticationManager.
>>
>> Is there a workaround for me to receive/set the correct
>> AuthenticationManager till you fix this bug? Not using the cache
>> causes some serious problems in my application...
>>
>> Best regards,
>> Dieter Tengelmann

