When I add a @SecurityDomain annotation to my EJB the call fails as expected.
This feels a bit dicey - when I forget to put the @SecurityDomain annotation in an EJB my authorization checks won't work and there will be no warning.
Is there a way to assign a security domain globally, i.e. for an entire application?
OK, to make this a perfect monolog and for reference.. ;-)
I found the answer in the EJB3.0 book (OReilly), in the JBoss workbook.
In the jboss.xml (in the EJB jar's META-INF) add the following entry:
This defines "other" as the global security domain.
You can add it to the jboss.xml so that it applies to the entire ejb application:
<?xml version="1.0"?> <jboss xmlns="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss_5_0.xsd" version="3.0"> ... <security-domain>blah</security-domain> ... </jboss>
Ah, you did not give me a change to break your monologue ;)
But thanks for answering anyway. I'm sure I will have more questions which will not end up in a monologue ;)