5 Replies Latest reply on Mar 20, 2009 1:56 AM by jaikiran pai

    More SecurityDomain woes in AS5

    Jeff Schnitzer Newbie

      I've created a simple test app with a DyamicLoginConfig mbean that loads an arbitrary config. This mbean is loaded from a jboss-service.xml located in the META-INF of the ear. The mbean seems to load just fine and the java:/jaas/blah domain is visible in JNDI.

      However, attempts to actually use this security domain (by using the @SecurityDomain annotation on EJBs) fail. The container actually uses the "other" domain no matter what I do. When I make unauthenticated calls, the identity returned by getPrincipal() is the unauthenticated identity of "other".

      Authenticated calls using the LoginInitialContextFactory completely fail on the client, just throwing java.lang.ClassNotFoundException: com.sun.security.auth.login.ConfigFile. Manually setting up the identity with SecurityAssociation.setPrincipal() and setCredential() have no effect.

      Do remote calls to protected EJBs work at all?

      Jeff