3 Replies Latest reply on Nov 23, 2014 10:36 PM by jaikiran

    Wildfly 8.2: EJBs in WARs now inherit the WAR security domain

    pgarner

      First of all, thank you all for your hard work in order to release Wildfly 8.2!

       

      Second, I have a question about the release announcement where it says, "EJBs in WARs now inherit the WAR security domain." I spent the past hour trying to find out what this means.

       

      From Wildfly documentation:

      https://docs.jboss.org/author/display/WFLY8/Deployment+Descriptors+used+In+WildFly

      https://docs.jboss.org/author/display/WFLY8/EJB+3+Reference+Guide

      https://docs.jboss.org/author/display/WFLY8/Securing+EJBs

      https://docs.jboss.org/author/display/WFLY8/jboss-ejb3.xml+Reference

       

      From JBoss Community:

      https://developer.jboss.org/wiki/JBossAS7SecurityDomainModel

      https://developer.jboss.org/wiki/PrimerOnWebSecurityInJBossAS

      https://developer.jboss.org/wiki/JBossAS7SecureMyWebAppHowDoI

       

      From Quickstart examples:

      https://github.com/wildfly/quickstart/tree/master/servlet-security

      https://github.com/wildfly/quickstart/tree/master/ejb-security

      https://github.com/wildfly/quickstart/tree/master/ejb-security-plus

       

      But alas, I've come up short.  Can you briefly tell me what it means for an EJB to inherit WAR security or point out a web resource that would explain it?  I'm primarily interested in what's changed from the developer's perspective in writing code and/or changes to jboss-web.xml or jboss-ejb3.xml. 

        • 1. Re: Wildfly 8.2: EJBs in WARs now inherit the WAR security domain
          jaikiran

          Here's the feature request which explains the issue [WFLY-3102] EJB in WAR should inherit WAR's security domain - JBoss Issue Tracker which was present in previous versions.

          • 2. Re: Re: Wildfly 8.2: EJBs in WARs now inherit the WAR security domain
            pgarner

            Oh ok.  I took a look at the WFLY-3102 description, which says, "If you define an EJB within WEB-INF/classes it does not inherit the security domain from the WAR file and defaults to 'other'. Counter-intuitive, IMO. Not sure if it is easily fixable though."

             

            Just to make sure I understand correctly... The EJB security domain is set by the <s:security-domain> element in jboss-ejb3.xml.  In the following example the security domain would be "mySecurityDomain."

             

            <?xml version="1.1" encoding="UTF-8"?>
            <jboss:ejb-jar
               xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
               xmlns="http://java.sun.com/xml/ns/javaee"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:s="urn:security:1.1"
               xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"
               version="3.1"
               impl-version="2.0">
               <assembly-descriptor>
                   <s:security>
                       <ejb-name>*</ejb-name>
                       <s:security-domain>mySecurityDomain</s:security-domain>
                   </s:security>
               </assembly-descriptor>
            </jboss:ejb-jar>

             

            And, from what I now gather, prior to WFLY-3102 the EJB security domain would default to "other" in the absence of an <s:security-domain> entry in jboss-ejb3.xml even though jboss-web.xml's <security-domain> was set to a certain value (in the example below, "mySecurityDomain").  But after WFLY-3102 the EJB security domain defaults to the <security-domain> value in jboss-web.xml.  Is this correct?  If so, now we can remove the <s:security-domain> entry in jboss-ejb3.xml if its value is identical to the <security-domain> value in jboss-web.xml?  Is this also correct?

             

            <?xml version="1.0" encoding="UTF-8"?>
            <jboss-web>
                 <security-domain>mySecurityDomain</security-domain>
                 <use-jboss-authorization>true</use-jboss-authorization>
            </jboss-web>

            • 3. Re: Wildfly 8.2: EJBs in WARs now inherit the WAR security domain
              jaikiran

              Patrick Garner wrote:

               

              And, from what I now gather, prior to WFLY-3102 the EJB security domain would default to "other" in the absence of an <s:security-domain> entry in jboss-ejb3.xml even though jboss-web.xml's <security-domain> was set to a certain value (in the example below, "mySecurityDomain").  But after WFLY-3102 the EJB security domain defaults to the <security-domain> value in jboss-web.xml.  Is this correct?

              Yes, that's correct.

               

              Patrick Garner wrote:

               

              If so, now we can remove the <s:security-domain> entry in jboss-ejb3.xml if its value is identical to the <security-domain> value in jboss-web.xml?  Is this also correct?

               

              <?xml version="1.0" encoding="UTF-8"?>
              <jboss-web>
                   <security-domain>mySecurityDomain</security-domain>
                   <use-jboss-authorization>true</use-jboss-authorization>
              </jboss-web>

              Yes, that's correct too.
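Added example, not part of the original thread and not WildFly code: a small pre-upgrade check that reads a WAR's jboss-web.xml and jboss-ejb3.xml and reports which security domain an EJB in the WAR resolves to before and after WFLY-3102, flagging beans whose domain silently changes and explicit entries that are now redundant. The bean name OrderBean, the finding labels, the precedence of a named entry over "*", and the fallback to "other" when the WAR declares no domain are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SEC_NS = "urn:security:1.1"   # namespace bound to the s: prefix in the thread's jboss-ejb3.xml
DEFAULT_DOMAIN = "other"      # default named in the WFLY-3102 description

def _local(tag):
    return tag.rsplit("}", 1)[-1]

def war_domain(web_xml):
    """<security-domain> declared in jboss-web.xml, or None."""
    if not web_xml:
        return None
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "security-domain" and (el.text or "").strip():
            return el.text.strip()
    return None

def explicit_domain(ejb_name, ejb3_xml):
    """<s:security-domain> that jboss-ejb3.xml assigns to ejb_name, or None."""
    found = {}
    if ejb3_xml:
        for sec in ET.fromstring(ejb3_xml).iter("{%s}security" % SEC_NS):
            f = {_local(c.tag): (c.text or "").strip() for c in sec}
            if f.get("ejb-name") and f.get("security-domain"):
                found[f["ejb-name"]] = f["security-domain"]
    # Assumption: an entry naming the bean wins over the "*" wildcard.
    return found.get(ejb_name) or found.get("*")

def audit(ejb_name, web_xml, ejb3_xml):
    """Return (domain before WFLY-3102, domain after, finding)."""
    explicit, war = explicit_domain(ejb_name, ejb3_xml), war_domain(web_xml)
    before = explicit or DEFAULT_DOMAIN          # old behaviour: WAR domain ignored
    after = explicit or war or DEFAULT_DOMAIN    # new behaviour: inherit from the WAR
    if before != after:
        finding = "changes-on-upgrade"
    elif explicit and explicit == war:
        finding = "redundant-explicit-entry"
    elif explicit and war:
        finding = "explicit-override"
    else:
        finding = "unchanged"
    return before, after, finding

# Constructed sample descriptors, modelled on the ones posted in the thread.
WEB_XML = "<jboss-web><security-domain>mySecurityDomain</security-domain></jboss-web>"
EJB3_XML = """<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:s="urn:security:1.1">
  <assembly-descriptor><s:security>
    <ejb-name>*</ejb-name><s:security-domain>%s</s:security-domain>
  </s:security></assembly-descriptor>
</jboss:ejb-jar>"""

if __name__ == "__main__":
    print(audit("OrderBean", WEB_XML, None))
    print(audit("OrderBean", WEB_XML, EJB3_XML % "mySecurityDomain"))
```

A "changes-on-upgrade" finding marks a bean that was authenticated against "other" on earlier versions and will be checked against the WAR's domain on 8.2, so its role mappings are worth reviewing before the upgrade.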