5 Replies Latest reply on Oct 20, 2009 12:12 PM by mwx.dennis

    Role check is not executed

      I'm getting started with security stuff and have a very basic question concerning authorization.

      In my stateless session bean, deployed in a JBoss AS 5.1.0, I marked a business method with @DenyAll to see how security prevents me from calling this method. I did not change the security setup, i.e. did not modify the login-config.xml.

      My problem is, the method is executed as if there was no @DenyAll annotation. I also tried to put it in the remote interface and tried @RolesAllowed(..) too. Is this correct behavior? I would have expected the container to block these calls. What do I have to do to make it work?

        • 1. Re: Role check is not executed

          When I add a @SecurityDomain annotation to my EJB the call fails as expected.
          This feels a bit dicey - when I forget to put the @SecurityDomain annotation in an EJB my authorization checks won't work and there will be no warning.
          Is there a way to assign a security domain globally, i.e. for an entire application?

          • 2. Re: Role check is not executed

            OK, to make this a perfect monolog and for reference.. ;-)
            I found the answer in the EJB3.0 book (O'Reilly), in the JBoss workbook.
            In the jboss.xml (in the EJB jar's META-INF) add the following entry:

            <security-domain>other</security-domain>


            This defines "other" as the global security domain.


            • 3. Re: Role check is not executed
              jaikiran

              You can add it to the jboss.xml so that it applies to the entire ejb application:

              <?xml version="1.0"?>
              <jboss
               xmlns="http://www.jboss.com/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee
               http://www.jboss.org/j2ee/schema/jboss_5_0.xsd"
               version="3.0">
              ...
              <security-domain>blah</security-domain>
              ...
              </jboss>


              • 4. Re: Role check is not executed
                jaikiran

                Ah, you did not give me a chance to break your monologue ;)

                • 5. Re: Role check is not executed

                  Sorry :-o
                  But thanks for answering anyway. I'm sure I will have more questions which will not end up in a monologue ;)
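
An added example, not part of the thread and not JBoss code: a build-time check for the gap raised in reply 1, where @DenyAll or @RolesAllowed is silently ignored because no security domain is assigned. It flags classes in an EJB jar that carry those annotations when neither a jar-wide `<security-domain>` in META-INF/jboss.xml (replies 2 and 3) nor a class-level @SecurityDomain is present. The `org.jboss.ejb3.annotation` package name is an assumption for JBoss AS 5, and the sample jar contents are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Descriptors as stored in a class file's constant pool for runtime annotations.
AUTHZ = (b"Ljavax/annotation/security/DenyAll;",
         b"Ljavax/annotation/security/RolesAllowed;")
# Assumption: package of @SecurityDomain in JBoss AS 5; adjust for other versions.
DOMAIN = b"Lorg/jboss/ejb3/annotation/SecurityDomain;"

def jar_wide_domain(jar):
    """Return the <security-domain> set directly under <jboss>, or None."""
    try:
        root = ET.fromstring(jar.read("META-INF/jboss.xml"))
    except KeyError:  # no jboss.xml in this jar
        return None
    for child in root:
        if child.tag.rsplit("}", 1)[-1] == "security-domain":
            return (child.text or "").strip() or None
    return None

def unenforced_classes(jar_bytes):
    """Classes using @DenyAll/@RolesAllowed with no security domain in effect."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if jar_wide_domain(jar):
            return []
        hits = []
        for name in jar.namelist():
            if name.endswith(".class"):
                data = jar.read(name)
                if any(a in data for a in AUTHZ) and DOMAIN not in data:
                    hits.append(name)
        return sorted(hits)

def make_jar(files):
    """Build an in-memory jar from {path: bytes} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, data in files.items():
            jar.writestr(path, data)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed stand-in for a compiled bean: only the descriptor bytes matter.
    bean = b"\xca\xfe\xba\xbe" + AUTHZ[0]
    descriptor = (b'<jboss xmlns="http://www.jboss.com/xml/ns/javaee" version="3.0">'
                  b"<security-domain>other</security-domain></jboss>")
    print(unenforced_classes(make_jar({"demo/Bean.class": bean})))
    print(unenforced_classes(make_jar({"demo/Bean.class": bean,
                                       "META-INF/jboss.xml": descriptor})))
```

The check is conservative: an annotated remote interface is flagged too, since the annotation descriptor appears in its class file without a domain beside it.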