You can add a security-domain element as a toplevel jboss.xml element to secure all ejbs in a jar, or you can add a security-domain element to the entity container configuration:
<jboss> <container-configurations> <container-configuration> <container-name>Standard CMP EntityBean</container-name> <security-domain>java:/jaas/mydomain</security-domain> </container-configuration> </container-configurations> </jboss>
Hmm, perhaps I did not understand the meaning of this config. I figured out the "stateful-session-roles" entry myself so it seems that something inside jboss needs this entry with exactly this value?!
Anyway, if I specify
where myentry is the entry in my servers auth.conf, is this enough to secure all beans?
Yes and this is the preferred way of setting the security domain.
Thanks a lot! I removed all container-configuration tags and it still works!
It would probably be a good idea to emphasize this in the docs.
Ciao and thanks again!