9 Replies Latest reply on Dec 10, 2008 9:16 AM by leobaz2

    EJB3 and security role references

    leobaz2

      Hello,

      I have an ear file that contains secured EJBs. The beans are coded using EJB3 annotations @Local, @Stateless and are secured using @DeclareRoles, @RolesAllowed, and @SecurityDomain.

      Everything seems to deploy perfectly and I can get the bean instance from JNDI from a servlet located in a different EAR but in the save JBoss instance.

      My questions is regarding security role references. My beans are coded with @RolesAllowed({"UserRole"}) but the role in the database for the users is "USER ROLE". Because of this, I know I need to use some sort of security role referencing to map "USER ROLE" to "UserRole". Since I'm using annotations to code my EJBs, how can I do this?

      I've tried to add the following to jboss-app.xml in the ear that contains the EJBs but it did not work.

      <security-role>
      <role-name>UserRole</role-name>
      <principal-name>USER ROLE</principal-name>
      </security-role>

      Can anyone help me? All beans will have the same roles so I want to do this on globally. I though the jboss-app.xml would work. I'm I doing something wrong?

      I'm using JBoss 4.2.3, JAVA 6, EJB3.