This content has been marked as final.
Show 3 replies
-
1. Re: Security flaw in JBoss ?
starksm64 Mar 2, 2004 9:37 AM (in response to joaocm)Without a specfication and configuration of a security-domain in a jboss.xml descriptor there is no security. Validate that the eclipse plugin in correctly configuring the jboss.xml descriptor.
-
2. Re: Security flaw in JBoss ?
joaocm Mar 2, 2004 10:11 AM (in response to joaocm)jboss.xml is correctly configured in the Server. I'm using a eclipse plugin as an EJB client.
The problem is that my eclipse plugin client bypasses the security context that I have configured.
But if I use my command-line client it works as expected (the login process must be done to call some method).
Debugging my EJB I see that the principal in the session context is null when called by the eclipse plugin. But the method is called and works.
ejb-jar.xml... <method-permission > <description></description> <role-name>customer</role-name> <role-name>internal</role-name> <method > <description></description> <ejb-name>ProjectService</ejb-name> <method-name>*</method-name> </method> </method-permission> ...
jboss.xml<jboss> <security-domain>java:/jaas/sinergia</security-domain> <enterprise-beans> <session> <ejb-name>ProjectService</ejb-name> <jndi-name>ProjectService</jndi-name> </session> </enterprise-beans> <resource-managers> </resource-managers> </jboss>
-
3. Re: Security flaw in JBoss ?
starksm64 Mar 3, 2004 4:54 AM (in response to joaocm)I don't use eclipse, so try the JBossIDE forum.