[jboss-user] [Security & JAAS/JBoss] - method permission via ejb-jar.xml ignored
formica
do-not-reply at jboss.com
Fri Aug 8 10:49:18 EDT 2008
Hi,
I have a problem with security using jboss-4.2.2-GA
I have managed to set permissions via annotations but I did not manage to set them via a partial ejb-jar.xml file
Here is my ejb-jar.xml
| <?xml version="1.0" encoding="UTF-8"?>
| <ejb-jar xmlns = "http://java.sun.com/xml/ns/javaee"
| version = "3.0"
| xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
| xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd">
| <assembly-descriptor>
| <method-permission>
| <role-name>AlignW</role-name>
| <method>
| <ejb-name>AligniovDAOBean</ejb-name>
| <method-name>*</method-name>
| </method>
| </method-permission>
| </assembly-descriptor>
| </ejb-jar>
|
Here is my jboss.xml :
| <!DOCTYPE jboss PUBLIC
| "-//JBoss//DTD JBOSS 4.0//EN"
| "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
| <jboss>
| <security-domain>AtlAlignDB</security-domain>
| </jboss>
|
|
Both are in a jar file (under META-INF) containing some session beans.
The login-config.xml under /server/default/conf contains the definition of the application policy.
The packaging of my application is
.ear/
META-INF/application.xml
<my-entity>.jar
<my-session>.jar
....
As I said, security is correctly taken into account via annotations, but any statement in ejb-jar about method permissions is ignored.
Can you help me with that ?
Thanks a lot for any hint you can provide
Andrea Formica
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4169617#4169617
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4169617
More information about the jboss-user
mailing list