[jboss-user] [Security & JAAS/JBoss] - Re: Security Roles On EJB3 Remote Interface Only
adogg
do-not-reply at jboss.com
Mon Jul 24 11:51:39 EDT 2006
Yeah, I tried stripping everything down and I couldn't find a way to secure the remote interface only. Perhaps I'm doing something wrong, but the method in this class, for example:
@Remote
@SecurityDomain("mydomain")
public interface RemoteTestEJB3InterfaceSecured extends TestEJB3InterfaceSecured {
@RolesAllowed("admin")
void doSecure();
}
can be called by remote callers without having to authenticate, unless security is also placed on the implementation bean.
I couldn't find a section of the spec that mentions this, either.
Kind of disappointing that I can't place security restrictions on remote callers exclusively.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960447#3960447
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960447
More information about the jboss-user
mailing list