1 Reply Latest reply on Mar 12, 2012 7:27 AM by David Salter

    Security for EJB project - JBoss 6

    miragpl Newbie

      Hi everyone,

       

      I would like to secure my EJBs using security-domains model provided by jboss. Unfortunatelly I can't find the way how to tell EJB in which security domain it exists.


      What I got so far:

       

      In my ejb project (not EAR - since there are many examples how to setup it in EAR projects it's quite important) I have such a bean:

       

      @Singleton

      @Remote(IInterface.class)

      @RolesAllowed({"myuser"})

      public class MasterDataControllerBean implements IInterface

       

      Then I have modified login-config.xml in conf directory with such entry:

       

      <application-policy name="my-domain">

        <authentication>

                    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                                    <module-option name="principal">myuser</module-option>

                                    <module-option name="userName">sa</module-option>

                                    <module-option name="password">sa</module-option>

                          </login-module>

        </authentication>

      </application-policy>

       

      Now I would like to tell my bean that it is in domain "my-domain". The only solutions I found are:

      - entry in jboss-app.xml

      - using jboss dependant annotation SecurityDomain

      Neither of those two solutions are good for me. Is there any other way how I can setup the security-doamin?

       

      I'm using jboss 6.1.Final.

       

      Thanks in advance,

       

      mirag