[jboss-jira] [JBoss JIRA] Resolved: (JBAS-5960) EJB2: Lack of security domain in JBoss DD does not bypass security
Marcus Moyses (JIRA)
jira-events at lists.jboss.org
Mon Oct 6 09:24:21 EDT 2008
[ https://jira.jboss.org/jira/browse/JBAS-5960?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcus Moyses resolved JBAS-5960.
---------------------------------
Resolution: Done
Fixed and created test org.jboss.test.security.test.EJBNullSecurityDomainUnitTestCase for it in the testsuite.
> EJB2: Lack of security domain in JBoss DD does not bypass security
> ------------------------------------------------------------------
>
> Key: JBAS-5960
> URL: https://jira.jboss.org/jira/browse/JBAS-5960
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: EJB2
> Affects Versions: JBossAS-5.0.0.CR1
> Reporter: Anil Saldhana
> Assignee: Marcus Moyses
> Fix For: JBossAS-5.0.0.GA
>
>
> Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message. But if there is presence of security meta data for the deployment (EJB2 method perms in ejb-jar.xml), there is an expectation of security enforcement. In this case, we need to default the security domain to "other".
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list