3 Replies Latest reply on Apr 12, 2007 7:16 AM by david malec

    Declarative security in JBoss - Annotations and XML file com

    david malec Newbie

      Hello everybody

      I have a problem with declarative security configuration in application. Finally I configured JAAS authentication/authorization for some of my EJB's using anntations like @SecurityDomain etc. It works properly.

      I have configured login-config :

      <application-policy name = "kusssdemo-policy">

      <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required" >
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name = "dsJndiName">java:/kusssdemo</module-option>
      <module-option name = "principalsQuery">...</module-option>
      <module-option name = "rolesQuery">...</module-option>
      <module-option name="unauthenticatedIdentity">guest</module-option>


      It's a swing application and I use custom ClientLoginModule to perform authentication (but for this case it doesn't matter I think)

      But now I need to declare security in DD (ejb-jar.xml). I want to use the same roles, which I retrieve from DatabaseServerLoginModule to protect method from other EJB's.

      my ejb-jar is :





      I'm using JBoss 4.2.0CR1 and I found that tag <security-role-ref> is not implemented yet.

      my jboss.xml :




      But it does not work, the EJB can access everybody.

      PLEASE can you help me, am I missing something?

      Thanks an wish a nice day