[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-1115) CLONE -Allow a default <security-domain> element in jboss.xml

Gunnar Grim (JIRA) jira-events at lists.jboss.org
Thu Nov 15 08:33:19 EST 2007 

    [ http://jira.jboss.com/jira/browse/EJBTHREE-1115?page=comments#action_12387716 ] 
            
Gunnar Grim commented on EJBTHREE-1115:
---------------------------------------

Not fixed, see http://jira.jboss.com/jira/browse/EJBTHREE-703

> CLONE -Allow a default <security-domain> element in jboss.xml
> -------------------------------------------------------------
>
>                 Key: EJBTHREE-1115
>                 URL: http://jira.jboss.com/jira/browse/EJBTHREE-1115
>             Project: EJB 3.0
>          Issue Type: Feature Request
>         Environment: - Jboss 4.0.3RC1, installed with the installer using the all configuration
> - Windows 2000
>            Reporter: Gunnar Grim
>         Assigned To: William DeCoste
>
> I'm using the DatabaseServerLoginModule to map principal and roles (client uses ClientLoginModule)
> I have a one SLSB with the following security definitions:
> @SecurityDomain("testApp-server")
> public class....... {
>    @RolesAllowed("admin")
>    public int add(int a, int b) {...}
> }
> Everything works fine - but I want to move the security domain's declaration to the DD:
> I removed the '@SecurityDomain' annotation and added a
> <security-domain>java:/jaas/testApp-server</security-domain> element to my jboss-app.xml file.
> It doesn't work - everyone can access my "secured" method.
> Additional tests I did:
> A. I know that the jboss-app.xml is being loaded since I added a service module (SAR) into it - and it is being loaded
> B. I tried to replace the name of the security domain with an none-exist security domain and again 
>       nothing happends (not even an error message)
> C. I tried both static login configuration (server/conf/login-config.xml) and a dynamic one (using the 
>      DynamicLoginConfig) - yet, nothing happends

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list