[jboss-jira] [JBoss JIRA] Moved: (EJBTHREE-703) <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

Scott M Stark (JIRA) jira-events at jboss.com
Thu Sep 14 22:33:40 EDT 2006 

     [ http://jira.jboss.com/jira/browse/EJBTHREE-703?page=all ]

Scott M Stark moved JBAS-3624 to EJBTHREE-703:
----------------------------------------------

              Project: EJB 3.0  (was: JBoss Application Server)
                  Key: EJBTHREE-703  (was: JBAS-3624)
          Component/s:     (was: EJB3)
    Affects Version/s:     (was: JBossAS-4.0.4.GA)

> <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: EJBTHREE-703
>                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-703
>             Project: EJB 3.0
>          Issue Type: Bug
>            Reporter: David Green
>         Assigned To: Bill Burke
>
> Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans.
> In the jboss-app.xml the security domain is specified as follows:
> <jboss-app>
> 	<security-domain>java:/jaas/hch</security-domain>
> </jboss-app>
> In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix).  This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one.
> The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list