1 Reply Latest reply on Mar 3, 2004 5:02 PM by Scott Stark

    Non-EJB security

    johnripley Newbie

      All of the security examples I have seen for JBoss involve J2EE/EJB container based security. My use of JBoss is to make use of the MBean component model as opposed EJB component model as it offers more flexibility that I need. My question is how do I enforce secure access to components (mbean based) using a declarative security model like J2EE.

      The backbone of JBoss is JMX/MBean based so they must enforce security at that level too (outside the EJB container) but I am having a difficult time finding examples/docs on it. I have bought the online docs but they seem to be EJB based somewhat.

      I am new to JBoss so I may be completely off base. Any help would be greatly appreciated.

      Thanks,
      John

        • 1. 3824060
          Scott Stark Master

          JMX has no meanignful security contract so your on your own and living outside of the spec. The admin/devl guide talks about using the XMBean impl of the ModelMBean to add security on top of a service. See the testsuite/src/resource/jmx/interceptors/secured-xbmean.xml descriptor for another example.