[jbossws-issues] [JBoss JIRA] Commented: (JBWS-2535) Multiple security domain check is too overzealous
Riccardo Serafin (JIRA)
jira-events at lists.jboss.org
Sun Jan 16 18:49:49 EST 2011
[ https://issues.jboss.org/browse/JBWS-2535?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12575817#comment-12575817 ]
Riccardo Serafin commented on JBWS-2535:
----------------------------------------
Hi,
I've the same problem and I'm poking through the code. I'm looking at http://viewvc.jboss.org/cgi-bin/viewvc.cgi/jbossws/container/jboss50/branches/jbossws-jboss510/src/main/java/org/jboss/webservices/integration/tomcat/SecurityMetaDataAccessorEJB3.java?view=log, which seems to be the last available version for the 3.4.1 native stack.
It seems the code is looking at the security domain of all EJBs, even if they are not @WebService annotated, which in my case is generating the problem, as my "normal" EJBs need to use a different security domain from my "webservice" EJBs.
Moreover, but this is more a question, I'm not getting the point of this check. I mean, what if I have several web services that need to authenticate from different security domain? If I understand it correctly, EJB security domain can be set and is enforced on a per-EJB basis, so what's the need to set a unique security domain at the web app level?
My solution at the moment, is to create a separate JAR with only the "webservice" EJBs that need a different security domain, and ensure that all EJBs in the same jar have the same domain, but it is a little annoying.
> Multiple security domain check is too overzealous
> -------------------------------------------------
>
> Key: JBWS-2535
> URL: https://issues.jboss.org/browse/JBWS-2535
> Project: JBoss Web Services
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: jbossws-integration
> Environment: Not sure about components or versions. It's definitely happening in AS 5.0.0.GA.
> Reporter: Galder Zamarreño
> Assignee: Darran Lofthouse
>
> If you mix up EJB3 SLSBs without security domains and SLSBs with SecurityDomain("other"), and
> you add an EJB3 WS endpoint to the deployment archive, the deployment would fail with an exception
> similar to this:
> Caused by: java.lang.IllegalStateException: Multiple security domains not supported
> at org.jboss.wsf.container.jboss50.deployment.tomcat.SecurityHandlerEJB3.addSecurityDomain(SecurityHandlerEJB3.java:58)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.createJBossWebAppDescriptor(WebAppGenerator.java:268)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.generatWebDeployment(WebAppGenerator.java:101)
> at org.jboss.wsf.container.jboss50.transport.WebAppGenerator.create(WebAppGenerator.java:85)
> at org.jboss.wsf.container.jboss50.transport.EJBHttpTransportManager.createListener(EJBHttpTransportManager.java:78)
> at org.jboss.wsf.framework.deployment.HttpTransportDeploymentAspect.create(HttpTransportDeploymentAspect.java:76)
> at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.create(DeploymentAspectManagerImpl.java:121)
> at org.jboss.wsf.container.jboss50.BareWSFRuntime.create(BareWSFRuntime.java:61)
> at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:84)
> at org.jboss.wsf.container.jboss50.deployer.AbstractDeployerHookEJB.deploy(AbstractDeployerHookEJB.java:43)
> at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
> at org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerEJB.internalDeploy(WebServiceDeployerEJB.java:112)
> at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
> at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
> ... 18 more
> The validation seems to be a bit too overzealous.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbossws-issues
mailing list