0 Replies Latest reply on Jan 21, 2002 5:57 AM by Mary

    HELP! <enforce-ejb-restrictions>

    Mary Newbie

      Hi,
      I have been struggling for some time with how to configure JBoss to enforce the Java 2 security policy (EJB1.1 spec. section 18.2.1.1). There is much documentation about configuring users and method access (declarative security) but practically nothing about Java 2 security.
      I just started using JBoss 2.4.4 (from JBoss 2.2.2) and the <enforce-ejb-restrictions> element of the standard-jboss.xml is new. This seems to be the answer to my prayers...I have invested alot of time in configuring JBoss2.2.2 and am no closer to my goal.
      However, aside from a comment in the jboss DTD there is no discussion about this new miracle element. I have set it to true and nothing in our application execution seems to change. I am sure that we violate the Java security policy (JNI, XML file read) but nothing happens.
      In order for <enforce-ejb-restrictions> to be effective do I need to enable a security manager? If so does the JAAS security manager also handle such security or just user authentication and authorization? Where is the implementation of org.jboss.security.plugins.JaasSecurityManager anyway? When I do not need user a&a can I just use the java.lang.SecurityManager?
      Someone please give me the lowdown! I have tried on my own and can't get any farther.
      Mary