Hi everyone,
I would like to secure my EJBs using the security-domain model provided by JBoss. Unfortunately, I can't find a way to tell an EJB which security domain it is in.
What I got so far:
In my EJB project (not an EAR; since there are many examples of how to set it up in EAR projects, this is quite important) I have this bean:
    @Singleton
    @Remote(IInterface.class)
    @RolesAllowed({"myuser"})
    public class MasterDataControllerBean implements IInterface
Then I modified login-config.xml in the conf directory with this entry:
    <application-policy name="my-domain">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                <module-option name="principal">myuser</module-option>
                <module-option name="userName">sa</module-option>
                <module-option name="password">sa</module-option>
            </login-module>
        </authentication>
    </application-policy>
Now I would like to tell my bean that it is in the domain "my-domain". The only solutions I found are:
- an entry in jboss-app.xml
- using the JBoss-dependent annotation SecurityDomain
Neither of those two solutions is good for me. Is there any other way I can set up the security domain?
I'm using JBoss 6.1.Final.
Thanks in advance,
mirag
As far as I'm aware, there isn't a vendor-neutral way of doing this.
I find the @SecurityDomain annotation works well though. What are your objections to using this?