[jboss-user] [Security & JAAS/JBoss] - Re: EJB SecurityDomain across servers

adogg do-not-reply at jboss.com
Mon Jul 24 11:50:36 EDT 2006


Yeah, I tried stripping everything down and I couldn't find a way to secure the remote interface only.  Perhaps I'm doing something wrong, but the method in this class, for example:

@Remote
@SecurityDomain("mydomain")
public interface RemoteTestEJB3InterfaceSecured extends TestEJB3InterfaceSecured {

    @RolesAllowed("admin")
    void doSecure();
}


can be called by remote callers without having to authenticate, unless security is also placed on the implementation bean.  

I couldn't find a section of the spec that mentions this, either.  

Kind of disappointing that I can't place security restrictions on remote callers exclusively.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960446#3960446
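
One way to get the effect the post asks for, consistent with its observation that the check is applied only when declared on the implementation bean: a secured facade bean is the sole remote entry point and delegates to an unsecured bean that has only a local interface. This is an added example, not code from the original post or from JBoss; the type names are hypothetical, and the import package for @SecurityDomain is an assumption that varies by JBoss release.

```java
// Added illustration. Each public type below belongs in its own .java file.
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Remote;
import javax.ejb.Stateless;
// Assumption: JBoss-specific annotation; its package differs between releases.
import org.jboss.annotation.security.SecurityDomain;

// In-VM view: carries no security metadata, so local callers are not challenged.
@Local
public interface TestLocal {
    void doSecure();
}

// Network view: the only business interface exported to remote clients.
@Remote
public interface TestRemote {
    void doSecure();
}

// Holds the business logic and implements only the local interface,
// so no remote proxy exists for it.
@Stateless
public class TestBean implements TestLocal {
    public void doSecure() {
        // business logic goes here
    }
}

// Remote entry point. The security annotations sit on the bean class,
// which is where the post reports they are enforced.
@Stateless
@SecurityDomain("mydomain")
public class TestRemoteFacade implements TestRemote {

    @EJB
    private TestLocal delegate; // injected reference to the unsecured local bean

    @RolesAllowed("admin")
    public void doSecure() {
        delegate.doSecure(); // reached only after the container's role check
    }
}
```

Any component deployed in the same server that can obtain TestLocal bypasses the role check, so this layout fits only when in-VM callers are trusted.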
