6 Replies Latest reply on Apr 5, 2012 2:05 AM by Serkan Yıldırım

    How to secure one EJB and leave another unsecured for remoting on JBoss 7.1

    Jan Snelders Newbie

      From this thread and the answers from Darran Lofthouse I understand that to be able to secure an EJB you must at least secure the remoting connector.
      (security-realm="ApplicationRelam" parameter on the tag '<connector name="remoting-connector" socket-binding="remoting" security-realm="AguraRealm"/>' in standalone.xml)


      So the question arises: If I would like to allow remote unauthenticated access to EJB-One but would like to secure EJB-Two (by annotating it with an @SecurityDomain for example), is that even possible?


      If I need to secure the remoting connector just to be able to secure EJB-Two, I can't have unauthenticated access to EJB-One. If I remove the security-realm="ApplicationRealm" from remoting connector to allow unautenticated access to EJB-One, any authentication credentials will never reach login module configured for the @SecurityDomain to secure EJB-Two as explained in the earlier mentioned forum thread (if I understood that discussion correctly).


      So is this use case covered or just not possible in JBoss 7.1.x?