[jboss-user] [Security & JAAS/JBoss] - Re: JBoss4.0 and JAAS/Login-config.xml

eschulma do-not-reply at jboss.com
Thu Jan 25 11:38:06 EST 2007

I decided I should go a little further with this and check that the EJB security domain worked as expected rather than defaulting to "other", even though we aren't using EJB permissions yet.

It turns out the steps outlined previously work for securing the web pages of the app -- but to have the EJB security domain work as expected, in jboss.xml I need

  | <security-domain>webappDomain</security-domain>

rather than the expected

  | <security-domain>java:/jaas/webappDomain</security-domain>

I think this might explain problems like this:


Since this is contrary to the documentation, I would consider this a serious bug.  I will open a JIRA case (though I don't have a good simple test case, I'm afraid.)  I am running in clustered mode, could that possibly have anything to do with it?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4006417#4006417

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4006417

More information about the jboss-user mailing list