[jboss-jira] [JBoss JIRA] Created: (JBAS-3624) <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

[David Green (JIRA)]

<security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans
-------------------------------------------------------------------------------------------------------------------------

                 Key: JBAS-3624
                 URL: http://jira.jboss.com/jira/browse/JBAS-3624
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: EJB3
    Affects Versions: JBossAS-4.0.4.GA
            Reporter: David Green
         Assigned To: Bill Burke


Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans.

In the jboss-app.xml the security domain is specified as follows:

<jboss-app>
	<security-domain>java:/jaas/hch</security-domain>
</jboss-app>

In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix).  This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one.

The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira