[jboss-user] [Security & JAAS/JBoss] - method permission via ejb-jar.xml ignored

formica do-not-reply at jboss.com
Fri Aug 8 10:49:18 EDT 2008

I have a problem with security using jboss-4.2.2-GA
I have managed to set permissions via annotations but I did not manage to set them via a partial ejb-jar.xml file

Here is my ejb-jar.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <ejb-jar xmlns = "http://java.sun.com/xml/ns/javaee" 
  |          version = "3.0" 
  |          xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" 
  |          xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
  |    <assembly-descriptor>
  |       <method-permission>
  |          <role-name>AlignW</role-name>
  |          <method>
  |             <ejb-name>AligniovDAOBean</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |      </method-permission>
  |    </assembly-descriptor>
  | </ejb-jar>

Here is my jboss.xml :

  | <!DOCTYPE jboss PUBLIC
  |       "-//JBoss//DTD JBOSS 4.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
  | <jboss> 
  |   <security-domain>AtlAlignDB</security-domain> 
  | </jboss> 

Both are in a jar file (under META-INF) containing some session beans.

The login-config.xml under /server/default/conf contains the definition of the application policy.
The packaging of my application is 

As I said, security is correctly taken into account via annotations, but any statement in ejb-jar about method permissions is ignored.

Can you help me with that ?
Thanks a lot for any hint you can provide

Andrea Formica

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169617#4169617

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169617

More information about the jboss-user mailing list