[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-703) <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

Gunnar Grim (JIRA) jira-events at jboss.com
Sun Dec 3 04:47:56 EST 2006 

    [ http://jira.jboss.com/jira/browse/EJBTHREE-703?page=comments#action_12348096 ] 
            
Gunnar Grim commented on EJBTHREE-703:
--------------------------------------

In my experience the authentication does not revert to the default domain. Instead there is no authentication at all which is pretty serious. The workaround makes it next to impossible to create portable applications.



> <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: EJBTHREE-703
>                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-703
>             Project: EJB 3.0
>          Issue Type: Bug
>            Reporter: David Green
>         Assigned To: Bill Burke
>
> Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans.
> In the jboss-app.xml the security domain is specified as follows:
> <jboss-app>
> 	<security-domain>java:/jaas/hch</security-domain>
> </jboss-app>
> In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix).  This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one.
> The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list