[jboss-user] [Security & JAAS/JBoss] - Re: EJB SecurityDomain across servers

adogg do-not-reply at jboss.com
Mon Jul 24 11:50:36 EDT 2006

Yeah, I tried stripping everything down and I couldn't find a way to secure the remote interface only.  Perhaps I'm doing something wrong, but the method in this class, for example:

public interface RemoteTestEJB3InterfaceSecured extends TestEJB3InterfaceSecured {

    void doSecure();

can be called by remote callers without having to authenticate, unless security is also placed on the implementation bean.  

I couldn't find a section of the spec that mentions this, either.  

Kind of disappointing that I can't place security restrictions on remote callers exclusively.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960446#3960446

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960446

More information about the jboss-user mailing list