1 Reply Latest reply on Mar 12, 2012 7:27 AM by david.salter

Security for EJB project - JBoss 6

miragpl Mar 5, 2012 12:11 PM

Hi everyone,

I would like to secure my EJBs using security-domains model provided by jboss. Unfortunatelly I can't find the way how to tell EJB in which security domain it exists.

What I got so far:

In my ejb project (not EAR - since there are many examples how to setup it in EAR projects it's quite important) I have such a bean:

@Singleton

@Remote(IInterface.class)

@RolesAllowed({"myuser"})

public class MasterDataControllerBean implements IInterface

Then I have modified login-config.xml in conf directory with such entry:

<application-policy name="my-domain">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

<module-option name="principal">myuser</module-option>

<module-option name="userName">sa</module-option>

<module-option name="password">sa</module-option>

</login-module>

</authentication>

</application-policy>

Now I would like to tell my bean that it is in domain "my-domain". The only solutions I found are:

- entry in jboss-app.xml

- using jboss dependant annotation SecurityDomain

Neither of those two solutions are good for me. Is there any other way how I can setup the security-doamin?

I'm using jboss 6.1.Final.

Thanks in advance,

mirag

1. Re: Security for EJB project - JBoss 6

david.salter Mar 12, 2012 7:27 AM (in response to miragpl)

As far as I'm aware, there isn't a vendor neutral way of doing this.

I find the @SecurityDomain annotation works well though. What are your objections to using this?
Actions