1 Reply Latest reply on Sep 15, 2011 1:51 PM by mmoyses

SecurityDomain Annotation

ramonmolossi Sep 15, 2011 1:43 PM

I'm creating a WebApplication using Jboss AS 7 and trying to use a Form Based Authentication using a DatabaseServerLoginModule.

My authentication and roles are ok.

I had a problem to protect a EJB class.

I configured my EJB methods with @RolesAllowed("Admin") as I wanted.

But nothing is getting blocked, even who don't have the "Admin" Role....

Then I tried to configure the @org.jboss.security.annotation.SecurityDomain("myDomain") at class type definition. Nothing gets blocked yet.

Then I tried to use @org.jboss.ejb3.annotation.SecurityDomain("myDomain") and things starts work.

I just want to know why. If I am not supposed to use de org.jboss.security annotation or if I missed some configuration.

My configuration is really simple:

<security-domain name="myDomain" cache-type="default">

<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

<module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>

<module-option name="principalsQuery" value="mySQL1"/>

<module-option name="rolesQuery" value=mySQL2"/>

<module-option name="hashAlgorithm" value="MD5"/>

<module-option name="hashEncoding" value="HEX"/>

</login-module>

</authentication>

</security-domain>

ps: At this moment I just trying authentication configs wich are really ok, I'm having some troubles with authorization configs inside this security-domain, but I will create a new discussion to that.

1. Re: SecurityDomain Annotation

mmoyses Sep 15, 2011 1:51 PM (in response to ramonmolossi)

org.jboss.ejb3.annotation.SecurityDomain is the correct annotation for AS7. The other one is a legacy class and should not be used.
Actions