3 Replies Latest reply on May 10, 2013 6:14 AM by bondchan921

    ejb cmp 2.x on jboss as 5.0.1

      when I deploy my application on jboss 5 i get, for each bean:

      EJB configured to bypass security. Please verify if this is intended

      the application itself work as usual, but I would like to get rid of those warnings. What should I change ?


        • 1. Re: ejb cmp 2.x on jboss as 5.0.1

          From what i see in the EJB2.x code, this WARN message is printed if the bean is unsecured (i.e. you do not have any security-domain or restrictions on the roles that can access the bean method). I don't know why it should be logged as a WARN, since securing EJBs is optional.

          • 2. Re: ejb cmp 2.x on jboss as 5.0.1

            Hi Jaikiran,



            I have same issue as above, but I configed "<security-domain>java:/jaas/lrs</security-domain>" in conf/standardjboss.xml, which by means should be default config to all my ejb2 jar, so why still not work?


            BTW which works under jboss 4, I can see the security related JNDI in the jmx-console. but in jboss 5, only work if I add "<security-domain>java:/jaas/lrs</security-domain>"  to jboss.xml under ejb2 jar's META-INF folder



              The security-domain element specifies the JNDI name of the security

              manager that implements the EJBSecurityManager and RealmMapping for

              the domain. When specified at the jboss level it specifies the security

              domain for all j2ee components in the deployment unit.

              One can override the global security-domain at the container

              level using the security-domain element at the container-configuration




              Used in: jboss, container-configuration



            Message was edited by: Bond Chan

            • 3. Re: ejb cmp 2.x on jboss as 5.0.1

              So in jboss 4(EAP 4.3 or 4.2.3GA) security-domain config in standard-jboss.xml can be default for all applications in the same JVM? whilst in jboss 5(EAP 5.1.2 or 5.1.0.GA) need config security-domain inside the each application explicitely?