Uploaded image for project: 'EJB 3.0'
  1. EJB 3.0
  2. EJBTHREE-703

<security-domain> setting in deployment descriptor populates @SecurityDomain annotation incorrectly on EJB3 session beans

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • None

      Specifying a <security-domain> in the jboss-app.xml incorrectly sets the @SecurityDomain on EJB3 session beans.

      In the jboss-app.xml the security domain is specified as follows:

      <jboss-app>
      <security-domain>java:/jaas/hch</security-domain>
      </jboss-app>

      In Ejb3DescriptorHandler the security-domain is copied directly into the SecurityDomainImpl instance as "java:/jaas/hch", however the @SecurityDomain annotation should be populated with the value "hch" (without the leading "java:/jaas/" prefix). This causes the EJB3 session bean authentication to behave unexpectedly, since the authentication for the bean reverts to the default domain instead of the specified one.

      The only way I've found to workaround this issue is to specify the @SecurityDomain individually on every session bean in the project.

              patriot1burke@gmail.com Bill Burke (Inactive)
              dgreen99_jira David Green (Inactive)
              Votes:
              6 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: