[jboss-user] [Security & JAAS/JBoss] - EJB3 and security role references
leobaz2
do-not-reply at jboss.com
Thu Nov 27 15:49:58 EST 2008
Hello,
I have an ear file that contains secured EJBs. The beans are coded using EJB3 annotations @Local, @Stateless and are secured using @DeclareRoles, @RolesAllowed, and @SecurityDomain.
Everything seems to deploy perfectly and I can get the bean instance from JNDI from a servlet located in a different EAR but in the save JBoss instance.
My questions is regarding security role references. My beans are coded with @RolesAllowed({"UserRole"}) but the role in the database for the users is "USER ROLE". Because of this, I know I need to use some sort of security role referencing to map "USER ROLE" to "UserRole". Since I'm using annotations to code my EJBs, how can I do this?
I've tried to add the following to jboss-app.xml in the ear that contains the EJBs but it did not work.
<security-role>
<role-name>UserRole</role-name>
<principal-name>USER ROLE</principal-name>
</security-role>
Can anyone help me? All beans will have the same roles so I want to do this on globally. I though the jboss-app.xml would work. I'm I doing something wrong?
I'm using JBoss 4.2.3, JAVA 6, EJB3.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4192888#4192888
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4192888
More information about the jboss-user
mailing list