10 Replies Latest reply on Jun 12, 2012 2:53 AM by halliballi

security domain in jboss.xml

halliballi Jun 11, 2012 7:04 AM

I am porting a JBoss 4 application to JBoss AS 7

My Beans are EJB 2.1

I used following XML (jboss.xml in Meta-inf Folder in my jar file) in JBoss 4, and when the user was not logged in corresponding to MyDomain, access to the beans defiened in jboss.xml was not allowed

But with JBoss AS 7 it seems that the security restriction is not checked. Without authentication I can access the Beans that are defined.

Do I have to change the XML?

Where do I have to put the security Domain restriction information for my Beans?

{code:xml}
<jboss>
    <security-domain>java:/jaas/MyDomain</security-domain>     
    <container-configurations>
        <container-name>Standard Stateless SessionBean</container-name>
    </container-configurations>
    <enterprise-beans>
        <session>
            <ejb-name>SubscriptionMgrEJB</ejb-name>
            <jndi-name>SubscriptionMgrEJB</jndi-name>
            <local-jndi-name>local/SubscriptionMgrEJB</local-jndi-name>
        </session>
        <session>
...
...
...
 
{code}

Any help is appreciated ;-)

Thanks in advance

1. Re: security domain in jboss.xml

halliballi Jun 11, 2012 7:41 AM (in response to halliballi)

Removing java:/jaas/ does not seem to work for me either.
Any tips?
Actions
2. Re: security domain in jboss.xml

halliballi Jun 11, 2012 10:21 AM (in response to halliballi)

just to make sure. With setting the security-domain parameter in jboss.xml should deny access to the beans given in the same file.
So if the Domain like here "MyDomain" does not exist, it should not be possible to access and use any of the defined Beans, right?

Thanks
Actions
3. Re: security domain in jboss.xml

jaikiran Jun 11, 2012 10:28 AM (in response to halliballi)

AS7 does not support jboss.xml. It's renamed to jboss-ejb3.xml. And when you add the security-domain tag, you don't need the java:jaas prefix.
Actions
4. Re: security domain in jboss.xml

halliballi Jun 11, 2012 10:43 AM (in response to jaikiran)

ok, but it seems as if the xml is read and interpreted because my beans are deployed.
I will change the filenames and report if this will solve my problem.
Thank you very much
Actions
5. Re: security domain in jboss.xml

jaikiran Jun 11, 2012 10:49 AM (in response to halliballi)

Halli Balli wrote:

ok, but it seems as if the xml is read and interpreted because my beans are deployed.

No it's not read. The beans are being deployed either because you have a ejb-jar.xml listing those beans or your beans are annotated.
1 of 1 people found this helpful
Actions
6. Re: security domain in jboss.xml

jaikiran Jun 11, 2012 11:07 AM (in response to jaikiran)

By the way, here's how the security-domain configuration in jboss-ejb3.xml should look like https://community.jboss.org/message/648313#648313
Actions
7. Re: security domain in jboss.xml

halliballi Jun 11, 2012 11:15 AM (in response to jaikiran)

so, if I understand the linked post correctly, I can not add the security to all beans at once, I have to add the security-domain information to each bean?

Or do I have to edit ejb-jar.xml file?
Actions
8. Re: security domain in jboss.xml

jaikiran Jun 11, 2012 11:15 AM (in response to halliballi)

Halli Balli wrote:

so, if I understand the linked post correctly, I can not add the security to all beans at once, I have to add the security-domain information to each bean?
No. You can just set ejb-name to * to imply all beans.
Actions
9. Re: security domain in jboss.xml

jaysensharma Jun 11, 2012 11:15 AM (in response to halliballi)

Halli Balli,

         If you will notice the above link https://community.jboss.org/message/648166#648166 carefully then you will see the following kind of jboss-ejb3.xml

<?xml version="1.0"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"                   xmlns="http://java.sun.com/xml/ns/javaee"                   xmlns:s="urn:security"                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"                   xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd                      http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"                   version="3.1"                   impl-version="2.0"> <assembly-descriptor>     <s:security>       <ejb-name>*</ejb-name>       <s:security-domain>other</s:security-domain>     </s:security> </assembly-descriptor> </jboss:ejb-jar>

     In the abovve XML file due to <ejb-name>*</ejb-name>   all the Ejbs present in this module will be assigned to the security domain "other"
1 of 1 people found this helpful
Actions
10. Re: security domain in jboss.xml

halliballi Jun 12, 2012 2:53 AM (in response to jaysensharma)

Thank you two for helping me.
Actions

Go to original post