[jboss-jira] [JBoss JIRA] Updated: (JBAS-7037) JBossAS 5.x fails to use EJB's security domain in jboss.xml when the call is from web container

Calvin Lin (JIRA) jira-events at lists.jboss.org
Fri Jun 26 13:10:56 EDT 2009 

     [ https://jira.jboss.org/jira/browse/JBAS-7037?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Calvin Lin updated JBAS-7037:
-----------------------------

    Workaround Description: 
Our workaround for standalone JBoss AS is to add "CLIENT_LOGIN_MODULE" application-policy in login-config.xml and use that for EJB container authentication.
For clustering environment, the workaround is to add "BYPASSED-SECURITY" application-policy in login-config.xml to handle the EJB container authentication.

  was:Our workaround is to add "CLIENT_LOGIN_MODULE" application-policy in login-config.xml and use that for EJB container authentication.



> JBossAS 5.x fails to use EJB's security domain in jboss.xml when the call is from web container
> -----------------------------------------------------------------------------------------------
>
>                 Key: JBAS-7037
>                 URL: https://jira.jboss.org/jira/browse/JBAS-7037
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-5.0.1.GA, JBossAS-5.1.0.GA
>         Environment: Problem found on Windows platform
>            Reporter: Calvin Lin
>            Assignee: Stefan Guilhen
>             Fix For: JBossAS-5.0.2.GA
>
>         Attachments: ConfigFiles-lib.zip, JBAS-jira-authenBug.zip
>
>
> A degredation from JBoss 4.0.x and 4.2.x to JBoss 5.0.1.GA and JBoss 5.1.0.GA.
> We noticed that the JAAS login in EJB container always picks up the Web app's security domain when the client login is originated from a web application client.  The security domain specified in EJB container's jboss.xml is always ignored in this situation.
> The detailed problem description is posted on JBoss forum:
> http://www.jboss.org/index.html?module=bb&op=viewtopic&t=156863

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list