[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-703) <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

Jason Hopkins (JIRA) jira-events at lists.jboss.org
Fri Jun 15 08:16:00 EDT 2007 

    [ http://jira.jboss.com/jira/browse/EJBTHREE-703?page=comments#action_12365507 ] 
            
Jason Hopkins commented on EJBTHREE-703:
----------------------------------------

I've tried several work arounds for this issue and none work successfully.  I can generally get either the web-application login security working OR the EJB3 authentication (by specifying  "java:/jaas/hch" from the example above in the name of the application-policy element) , but not both.

As a temporary measure I've altered the "other" security domain, but this is not ideal.

> <security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans
> -------------------------------------------------------------------------------------------------------------------------
>
>                 Key: EJBTHREE-703
>                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-703
>             Project: EJB 3.0
>          Issue Type: Bug
>            Reporter: David Green
>         Assigned To: Bill Burke
>
> Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans.
> In the jboss-app.xml the security domain is specified as follows:
> <jboss-app>
> 	<security-domain>java:/jaas/hch</security-domain>
> </jboss-app>
> In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix).  This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one.
> The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list