[jboss-user] [Security & JAAS/JBoss] - EJB3 and security role references

leobaz2 do-not-reply at jboss.com
Thu Nov 27 15:49:58 EST 2008


Hello,

I have an ear file that contains secured EJBs.  The beans are coded using EJB3 annotations @Local, @Stateless and are secured using @DeclareRoles, @RolesAllowed, and @SecurityDomain.  

Everything seems to deploy perfectly and I can get the bean instance from JNDI from a servlet located in a different EAR but in the save JBoss instance. 

My questions is regarding security role references.  My beans are coded with @RolesAllowed({"UserRole"}) but the role in the database for the users is "USER ROLE".  Because of this, I know I need to use some sort of security role referencing to map "USER ROLE" to "UserRole". Since I'm using annotations to code my EJBs, how can I do this?

I've tried to add the following to jboss-app.xml in the ear that contains the EJBs but it did not work.

<security-role>
      <role-name>UserRole</role-name>
      <principal-name>USER ROLE</principal-name>
</security-role>

Can anyone help me?  All beans will have the same roles so I want to do this on globally.  I though the jboss-app.xml would work.  I'm I doing something wrong?

I'm using JBoss 4.2.3, JAVA 6, EJB3.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4192888#4192888

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4192888



More information about the jboss-user mailing list