[jboss-jira] [JBoss JIRA] Commented: (JBAS-5960) EJB2: Lack of security domain in JBoss DD does not bypass security
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Mon Oct 20 16:38:20 EDT 2008
[ https://jira.jboss.org/jira/browse/JBAS-5960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12434552#action_12434552 ]
Anil Saldhana commented on JBAS-5960:
-------------------------------------
http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/main/org/jboss/test/security/test/SecurityDomainTolerateUnitTestCase.java
I reused your deployment and found the gaps.
> EJB2: Lack of security domain in JBoss DD does not bypass security
> ------------------------------------------------------------------
>
> Key: JBAS-5960
> URL: https://jira.jboss.org/jira/browse/JBAS-5960
> Project: JBoss Application Server
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: EJB2
> Affects Versions: JBossAS-5.0.0.CR1
> Reporter: Anil Saldhana
> Assignee: Marcus Moyses
> Fix For: JBossAS-5.0.0.GA
>
>
> Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message. But if there is presence of security meta data for the deployment (EJB2 method perms in ejb-jar.xml), there is an expectation of security enforcement. In this case, we need to default the security domain to "other".
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list