1 Reply Latest reply on Jul 19, 2006 8:25 AM by j2ee_junkie

    Multiple security domains in one EAR

    lhoriman Jul 19, 2006 12:37 AM

      Is it possible to have multiple security domains in one EAR?

      I have an application that consists of two major components:

      1) The main application (user-facing frontend), with a custom LoginModule that auths against the hibernate store of members.
      2) The customer support tool, which auths against our corporate LDAP store using the LDAPLoginModule.

      My (perhaps naive) first pass designing this involves two security domains. The main application EJBs have one @SecurityDomain, the customer support EJBs have a different @SecurityDomain.

      Obviously the customer support tool backend EJBs need to communicate with the main user application EJBs to manipulate user accounts, etc. What happens when the EJBs associated with one @SecurityDomain call into the EJBs of a different @SecurityDomain? I suspect bad things.

      Is there a strategy for making this work?

      Thanks,
      Jeff

      • 2752 Views
      • Tags:
        • 1. Re: Multiple security domains in one EAR
          j2ee_junkie
          j2ee_junkie Jul 19, 2006 8:25 AM (in response to lhoriman)

          Hi Jeff,

          Yes you can have more than one security-domain in an ear. However, you need to make sure that the roles that intersect the two security domains are defined in each. In other words, if EJB A in security domain A needs to communicate with EJB B in security domain B, then the run-as role defined for A must match that required by B. AFAIK!

          cgriffith

            • Actions