10 Replies Latest reply on Jun 12, 2012 2:53 AM by Halli Balli

security domain in jboss.xml

Halli Balli Jun 11, 2012 7:04 AM

I am porting a JBoss 4 application to JBoss AS 7

My Beans are EJB 2.1

I used following XML (jboss.xml in Meta-inf Folder in my jar file) in JBoss 4, and when the user was not logged in corresponding to MyDomain, access to the beans defiened in jboss.xml was not allowed

But with JBoss AS 7 it seems that the security restriction is not checked. Without authentication I can access the Beans that are defined.

Do I have to change the XML?

Where do I have to put the security Domain restriction information for my Beans?

{code:xml}
<jboss>
    <security-domain>java:/jaas/MyDomain</security-domain>     
    <container-configurations>
        <container-name>Standard Stateless SessionBean</container-name>
    </container-configurations>
    <enterprise-beans>
        <session>
            <ejb-name>SubscriptionMgrEJB</ejb-name>
            <jndi-name>SubscriptionMgrEJB</jndi-name>
            <local-jndi-name>local/SubscriptionMgrEJB</local-jndi-name>
        </session>
        <session>
...
...
...
 
{code}

Any help is appreciated ;-)

Thanks in advance

1. Re: security domain in jboss.xml

Halli Balli Jun 11, 2012 7:41 AM (in response to Halli Balli)

Removing java:/jaas/ does not seem to work for me either.
Any tips?
Like (0)

Actions
2. Re: security domain in jboss.xml

Halli Balli Jun 11, 2012 10:21 AM (in response to Halli Balli)

just to make sure. With setting the security-domain parameter in jboss.xml should deny access to the beans given in the same file.
So if the Domain like here "MyDomain" does not exist, it should not be possible to access and use any of the defined Beans, right?

Thanks
Like (0)

Actions
3. Re: security domain in jboss.xml

Jaikiran Pai Jun 11, 2012 10:28 AM (in response to Halli Balli)

AS7 does not support jboss.xml. It's renamed to jboss-ejb3.xml. And when you add the security-domain tag, you don't need the java:jaas prefix.
Like (0)

Actions
4. Re: security domain in jboss.xml

Halli Balli Jun 11, 2012 10:43 AM (in response to Jaikiran Pai)

ok, but it seems as if the xml is read and interpreted because my beans are deployed.
I will change the filenames and report if this will solve my problem.
Thank you very much
Like (0)

Actions
5. Re: security domain in jboss.xml

Jaikiran Pai Jun 11, 2012 10:49 AM (in response to Halli Balli)

Halli Balli wrote:

ok, but it seems as if the xml is read and interpreted because my beans are deployed.

No it's not read. The beans are being deployed either because you have a ejb-jar.xml listing those beans or your beans are annotated.
1 of 1 people found this helpful
Like (0)

Actions
6. Re: security domain in jboss.xml

Jaikiran Pai Jun 11, 2012 11:07 AM (in response to Jaikiran Pai)

By the way, here's how the security-domain configuration in jboss-ejb3.xml should look like https://community.jboss.org/message/648313#648313
Like (0)

Actions
7. Re: security domain in jboss.xml

Halli Balli Jun 11, 2012 11:15 AM (in response to Jaikiran Pai)

so, if I understand the linked post correctly, I can not add the security to all beans at once, I have to add the security-domain information to each bean?

Or do I have to edit ejb-jar.xml file?
Like (0)

Actions
8. Re: security domain in jboss.xml

Jaikiran Pai Jun 11, 2012 11:15 AM (in response to Halli Balli)

Halli Balli wrote:

so, if I understand the linked post correctly, I can not add the security to all beans at once, I have to add the security-domain information to each bean?
No. You can just set ejb-name to * to imply all beans.
Like (0)

Actions
9. Re: security domain in jboss.xml

Jay SenSharma Jun 11, 2012 11:15 AM (in response to Halli Balli)

Halli Balli,

         If you will notice the above link https://community.jboss.org/message/648166#648166 carefully then you will see the following kind of jboss-ejb3.xml

<?xml version="1.0"?>
<jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee"                   xmlns="http://java.sun.com/xml/ns/javaee"                   xmlns:s="urn:security"                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"                   xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd                      http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd"                   version="3.1"                   impl-version="2.0"> <assembly-descriptor>     <s:security>       <ejb-name>*</ejb-name>       <s:security-domain>other</s:security-domain>     </s:security> </assembly-descriptor> </jboss:ejb-jar>

     In the abovve XML file due to <ejb-name>*</ejb-name>   all the Ejbs present in this module will be assigned to the security domain "other"
1 of 1 people found this helpful
Like (0)

Actions
10. Re: security domain in jboss.xml

Halli Balli Jun 12, 2012 2:53 AM (in response to Jay SenSharma)

Thank you two for helping me.
Like (0)

Actions