1 Reply Latest reply on Nov 8, 2005 8:53 AM by Philipp Meier

    @SecurityDomain and jboss.xml

    Jens Elkner Apprentice

      I have the following jboss.xml in an ejb3 archive:

      <jboss>
       <security-domain>java:/jaas/foo</security-domain>
      </jboss>


      My understanding is, that all beans are bound to that domain "automatically" and that @RolesAllowed({"JBossAdmin"}) annotated methods throw a security exception, if the principal of the invoker is not in the role "JBossAdmin".

      Unfortunately, this is not the case (I'm trying it with SSB). But when I annotate the bean class with @SecurityDomain("foo"), then everything works as expected, i.e. only principals in the role of JBossAdmin are able to execute the annotated method.

      Question: Is this a bug? If not, what is wrong with my jboss.xml? Actually I thought, that one is even able to overwrite the hardcoded @SecurityDomain via jboss.xml.

      Just for the records, my ear layout:

      foo.ear
      |-- META-INF
      | `-- application.xml
      |-- foo.ejb3
      | |-- META-INF
      | | |-- INDEX.LIST
      | | |-- MANIFEST.MF
      | | `-- jboss.xml
      | `-- org
      | `-- server
      | `-- LoginTest.class
      `-- foo.par
       `-- META-INF
       |-- INDEX.LIST
       |-- MANIFEST.MF
       `-- persistence.xml