[jboss-jira] [JBoss JIRA] Updated: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
Richard Kennard (JIRA)
jira-events at lists.jboss.org
Wed Jun 8 23:39:59 EDT 2011
[ https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Kennard updated EJBTHREE-2255:
--------------------------------------
Attachment: SecurityDomainTest.zip
Test EAR created with JBoss Tools. Note the test will fail even though the EJB is annotated @SecurityDomain( "" ).
If you uncomment the <security-domain/> in jboss.xml it'll work.
> @SecurityDomain has no equivalent for <security-domain/>
> --------------------------------------------------------
>
> Key: EJBTHREE-2255
> URL: https://issues.jboss.org/browse/EJBTHREE-2255
> Project: EJB 3.0
> Issue Type: Bug
> Environment: JBoss 6.0.0.Final
> Reporter: Richard Kennard
> Attachments: SecurityDomainTest.zip
>
>
> Test case attached.
> We have found it useful to turn off the security-domain for certain EJBs so that they can be accessed from unauthenticated clients. We can do this in jboss.xml using <security-domain /> but not, it seems, from an EJB using the @SessionDomain annotation.
> A @SessionDomain( "" ) is simply ignored.
> We're not a big fan of hard-coding security domain names inside EJBs, but it seems fine to be able to say 'this EJB has no security domain at all'. Should the annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list