Although I am not particularly new to JBoss, I am rather new to its security features. I apologize in advance for this possibly trivial question:
I began development with earlier versions of JBoss and have been extremely happy with its progress. The design of the application for security reasons is using a Broker/Proxy pattern. Thus, all traffic to our server is through one main Broker stateless session bean, and from there internal requests to other session beans is made. These session beans in turn may do database lookups or entity bean manipulation.
In the original design (and possibly due to my own naiive preconceptions), I 'hid' the entity and session beans from the outside world using the java: namespace. For example:
Perhaps this is not the way to go. I have a feeling that JAAS is but I'm stubborn and it *was* working fine. However, I tried to upgrade to 2.4.4 and get the following error when the same bean is deployed in the new container:
javax.management.MalformedObjectNameException: ObjectName: Invalid value -> java:/entity/Patients
I've searched a fair bit on the web for the solution but have had no success. I am hoping that one of you could shed some light on this.
As an addendum, one of the reasons that I have not pursued JAAS (apart from my lack of understanding and time) is how I can do this without the need for password authentication for access to all the beans.
Any help would be greatly appreciated. Please forgive me if this is a really simple questions. I am in your debt.