[jboss-jira] [JBoss JIRA] Updated: (JBAS-5961) EJB3: Lack of security domain in JBoss DD does not bypass security

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Sun Sep 14 13:09:31 EDT 2008 

     [ https://jira.jboss.org/jira/browse/JBAS-5961?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anil Saldhana updated JBAS-5961:
--------------------------------

    Component/s: EJB3
                     (was: EJB2)
    Description: Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message.  But if there is presence of security meta data for the deployment (EJB3 sec annotations), there is an expectation of security enforcement. In this case, we need to default the security domain to "other".  (was: Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message.  But if there is presence of security meta data for the deployment (EJB2 method perms in ejb-jar.xml), there is an expectation of security enforcement. In this case, we need to default the security domain to "other".)


> EJB3: Lack of security domain in JBoss DD does not bypass security
> ------------------------------------------------------------------
>
>                 Key: JBAS-5961
>                 URL: https://jira.jboss.org/jira/browse/JBAS-5961
>             Project: JBoss Application Server
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: EJB3
>    Affects Versions: JBossAS-5.0.0.CR1
>            Reporter: Anil Saldhana
>            Assignee: Anil Saldhana
>             Fix For: JBossAS-5.0.0.GA
>
>
> Currently, if there is no security domain defined for a deployment, we bypass security with a fat WARN message.  But if there is presence of security meta data for the deployment (EJB3 sec annotations), there is an expectation of security enforcement. In this case, we need to default the security domain to "other".

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list