6 Replies Latest reply on Aug 8, 2011 3:49 PM by jean.baldessar

Security Domain

beckers Jul 28, 2011 9:33 AM

Hi,

I'm porting an application from 6.0.0 to 7.0.0. I got most things working. There's a bug with oracle and hibernate 4. Another thing is, that protecting my stateless session bean is not working anymore.

I got the security domain in jboss-web.xml and jboss.xml, in the web container it's working. Accessing a protected page triggers my form login and I'm logged in.

My stateless session bean can be called no matter if I have no annotation, @DenyAll or a @RolesAllowed("some role i dont have").

Do I need to change or add a configuration or is it a bug?

Yours,

Andreas

1. Re: Security Domain

jaikiran Jul 28, 2011 10:11 AM (in response to beckers)

Have you added @org.jboss.ejb3.annotation.SecurityDomain on the EJB?
Actions
2. Re: Security Domain

beckers Jul 28, 2011 1:56 PM (in response to jaikiran)

Hi Jaijkiran,

No, I didn't have. Now I added that annotation and it seems to work.
So the jboss.xml isn't evaluated any more?
I don't like it having jboss specific annotations in my code. Is there a way to tell it in a cofiguration file, as before in the jboss.xml?

Thanks,
Andreas
Actions
3. Re: Security Domain

jaikiran Jul 28, 2011 11:31 PM (in response to beckers)

We'll add support for jboss.xml in the upcoming releases.
Actions
4. Re: Security Domain

jean.baldessar Aug 8, 2011 12:48 PM (in response to beckers)

beckers, could you access the caller principal from inside your stateless session bean?
I'm having a similar problem with authentication in the EJB tier: here is the post

thanks
Actions
5. Re: Security Domain

beckers Aug 8, 2011 2:47 PM (in response to jean.baldessar)

With the @SecurityDomain I can access the caller principal. I don't use ajax.
Actions
6. Re: Security Domain

jean.baldessar Aug 8, 2011 3:49 PM (in response to beckers)

thanks beckers.

I made a simple sample application to explain my problam and it worked.
Now a got to find whats diferent in my production application.

When I find the problem i'll post it for the community
Actions

Go to original post