Its parsed based on the jaxb annotations on the org.jboss.resource.metadata.mcf.SecurityDomainMetaData class. The org.jboss.resource.deployers.ManagedConnectionFactoryParserDeployer is the deployer that controls this.
I am not sure any SecurityDomain is getting created in the BCM. The way the BCM startService() is coded is:
if (securityDomainJndiName != null && jaasSecurityManagerService == null) throw new DeploymentException("You must supply both securityDomainJndiName and jaasSecurityManagerService to use container managed security"); if (securityDomainJndiName != null) securityDomain = (SubjectSecurityManager) new InitialContext().lookup(SECURITY_MGR_PATH + securityDomainJndiName);
So basically there needs to be an injection of securityDomainJndiName. This is not happening at all.
The test case I was peeking at was:
Adrian's rant about the JCA security integration is here: