1 Reply Latest reply on Nov 8, 2005 8:53 AM by llucifer

@SecurityDomain and jboss.xml

elkner Oct 7, 2005 9:36 AM

I have the following jboss.xml in an ejb3 archive:

<jboss>
 <security-domain>java:/jaas/foo</security-domain>
</jboss>

My understanding is, that all beans are bound to that domain "automatically" and that @RolesAllowed({"JBossAdmin"}) annotated methods throw a security exception, if the principal of the invoker is not in the role "JBossAdmin".

Unfortunately, this is not the case (I'm trying it with SSB). But when I annotate the bean class with @SecurityDomain("foo"), then everything works as expected, i.e. only principals in the role of JBossAdmin are able to execute the annotated method.

Question: Is this a bug? If not, what is wrong with my jboss.xml? Actually I thought, that one is even able to overwrite the hardcoded @SecurityDomain via jboss.xml.

Just for the records, my ear layout:

foo.ear
|-- META-INF
| `-- application.xml
|-- foo.ejb3
| |-- META-INF
| | |-- INDEX.LIST
| | |-- MANIFEST.MF
| | `-- jboss.xml
| `-- org
| `-- server
| `-- LoginTest.class
`-- foo.par
 `-- META-INF
 |-- INDEX.LIST
 |-- MANIFEST.MF
 `-- persistence.xml

1. Re: @SecurityDomain and jboss.xml

llucifer Nov 8, 2005 8:53 AM (in response to elkner)

Any comments on this from a jboss staff member?
Actions