[jboss-jira] [JBoss JIRA] Commented: (JBAS-7037) JBossAS 5.x fails to use EJB's security domain in jboss.xml when the call is from web container

Stefan Guilhen (JIRA) jira-events at lists.jboss.org
Mon Dec 28 19:08:31 EST 2009 

    [ https://jira.jboss.org/jira/browse/JBAS-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12501710#action_12501710 ] 

Stefan Guilhen commented on JBAS-7037:
--------------------------------------

The root of the problem is that PreSecurityInterceptor ignores the container's security domain when the incoming call is a local call. In other words, if a security context already exists (which is the case when the call is made from within the web container), then the security domain that has been set in the context is used, ignoring the domain of the EJB container. I've made some changes to JBoss SX to allow updating the context's domain and released a new version of JBoss SX. I'll now update the application server and fix the PreSecurityInterceptor.

> JBossAS 5.x fails to use EJB's security domain in jboss.xml when the call is from web container
> -----------------------------------------------------------------------------------------------
>
>                 Key: JBAS-7037
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7037
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-5.0.1.GA, JBossAS-5.1.0.GA
>         Environment: Problem found on Windows platform
>            Reporter: Calvin Lin
>            Assignee: Stefan Guilhen
>             Fix For: JBossAS-6.0.0.M3
>
>         Attachments: ConfigFiles-lib.zip, JBAS-jira-authenBug.zip
>
>
> A degredation from JBoss 4.0.x and 4.2.x to JBoss 5.0.1.GA and JBoss 5.1.0.GA.
> We noticed that the JAAS login in EJB container always picks up the Web app's security domain when the client login is originated from a web application client.  The security domain specified in EJB container's jboss.xml is always ignored in this situation.
> The detailed problem description is posted on JBoss forum:
> http://www.jboss.org/index.html?module=bb&op=viewtopic&t=156863

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list