4 Replies Latest reply on Jun 20, 2003 10:13 PM by Adrian Brock

    Overriding EJB security domain

    Nandak Newbie

      We are using JBoss 3.0.4 and facing this problem:-

      How to turn-off (override) authentication/authorization for a specific EJB ?
      Note all EJBs are secured under a common security domain declared at the top of jboss.xml. I tried to follow the documentation to override the security domain for that EJB with another one using a container configuration in jboss.xml and noticed that the override is not taking effect (the common one holds ground still ). Am I missing something ?

      <container-configurations>
      <container-configuration extends="Standard Stateless SessionBean">
      <container-name>TempStatelessSession</container-name>
      <security-domain>java:/jaas/client-login</security-domain>
      </container-configuration>
      </container-configurations>

      Any help is most appreciated.

      Thanks.

        • 1. Re: Overriding EJB security domain
          Nandak Newbie

          I forgot to mention - I do reference the container name for that specific EJB for which I am trying to override the security domain. Basically I extended the container configuration from standardjboss.xml and tried to override the security domain.

          Thanks.

          • 2. Re: Overriding EJB security domain
            Adrian Brock Master

            Post the full configuration.

            Try enabled debug in log4j.xml to see if
            you can see anything obvious during deployment
            in server.log

            Regards,
            Adrian

            • 3. Re: Overriding EJB security domain
              Nandak Newbie

              Here is the snippet of jboss.xml

              <?xml version="1.0"?>

              <security-domain>java:/jaas/SecDomainX</security-domain>
              <enterprise-beans>

              <ejb-name>EJBX</ejb-name>
              <jndi-name>EJBX</jndi-name>
              <container-name>TempStatelessSession</container-name>


              --- some more stuff ---

              <container-configurations>
              <container-configuration extends="Standard Stateless SessionBean">
              <container-name>TempStatelessSession</container-name>
              <security-domain>java:/jaas/SecDomainY</security-domain>
              </container-configuration>
              </container-configurations>



              Actually the security domain I was trying to override with was the default client-login just for testing purposes - org.jboss.security.ClientLoginModule.

              Looking at jboss.log, I noticed the statement:

              2003-06-19 22:23:08,221 DEBUG [org.jboss.ejb.StatelessSessionContainer] Binding securityDomain: java:/jaas/SecDomainX to JDNI ENC as: security/security-domain

              Anyway, I just want to suppress authentication for one of the stateless session beans to implement a business logic.

              Thanks.

              • 4. Re: Overriding EJB security domain
                Adrian Brock Master

                That looks correct at first glance.

                Can you post an example application,
                you haven't included ejb-jar.xml

                If you want to avoid security for a bean
                I would suggest configuring per bean
                rather than per deployment.

                Regards,
                Adrian