0 Replies Latest reply on Oct 6, 2005 10:22 AM by snicoll@kiala.com

    different security domain for local and remote view of a bea

    snicoll@kiala.com Newbie

      Hello,

      We are running Jboss 3.2.x with a custom login-module.

      We have a Bean which should have the following properties:

      - Remote view should be securised with a given role and should use our login-module
      - Local view does not need to be securised (actually it should not be because if we start processing from an MDB, we go a "No security context set" exception.

      Here is what I did:

      #1 Create a securised container extending standard with a reference to my security-domain:

      <container-configuration extends="Standard Stateless SessionBean">
      <container-name>Secure Stateless SessionBean</container-name> <security-domain>java:/jaas/OurDatabaseSecurityDomain</security-domain>
      </container-configuration>

      #2 Map the Bean to this container configuration

      #3 Change the method permission:

      - Home and Remote should have the role
      - LocalHome and Local has the unchecked element

      When I invoke the local view of my Bean from an MDB, Jboss call the login method of my custom login module.

      Is there any way to get around this? I don't want any security on the local view of my bean.