We are running Jboss 3.2.x with a custom login-module.
We have a Bean which should have the following properties:
- Remote view should be securised with a given role and should use our login-module
- Local view does not need to be securised (actually it should not be because if we start processing from an MDB, we go a "No security context set" exception.
Here is what I did:
#1 Create a securised container extending standard with a reference to my security-domain:
<container-configuration extends="Standard Stateless SessionBean">
<container-name>Secure Stateless SessionBean</container-name> <security-domain>java:/jaas/OurDatabaseSecurityDomain</security-domain>
#2 Map the Bean to this container configuration
#3 Change the method permission:
- Home and Remote should have the role
- LocalHome and Local has the unchecked element
When I invoke the local view of my Bean from an MDB, Jboss call the login method of my custom login module.
Is there any way to get around this? I don't want any security on the local view of my bean.