[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-2255) @SecurityDomain has no equivalent for <security-domain/>
jaikiran pai (JIRA)
jira-events at lists.jboss.org
Wed Jun 8 23:55:59 EDT 2011
[ https://issues.jboss.org/browse/EJBTHREE-2255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12607332#comment-12607332 ]
jaikiran pai commented on EJBTHREE-2255:
----------------------------------------
Hi Richard,
I'm not sure what didn't work. But if a @SecurityDomain is absent from the EJB (and also from jboss.xml) then it means that it is unsecured. That's how it is implemented.
> @SecurityDomain has no equivalent for <security-domain/>
> --------------------------------------------------------
>
> Key: EJBTHREE-2255
> URL: https://issues.jboss.org/browse/EJBTHREE-2255
> Project: EJB 3.0
> Issue Type: Bug
> Environment: JBoss 6.0.0.Final
> Reporter: Richard Kennard
> Attachments: SecurityDomainTest.zip
>
>
> Test case attached.
> We have found it useful to turn off the security-domain for certain EJBs so that they can be accessed from unauthenticated clients. We can do this in jboss.xml using <security-domain /> but not, it seems, from an EJB using the @SessionDomain annotation.
> A @SessionDomain( "" ) is simply ignored.
> We're not a big fan of hard-coding security domain names inside EJBs, but it seems fine to be able to say 'this EJB has no security domain at all'. Should the annotation work for this?
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list