Uploaded image for project: 'Application Server 3  4  5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-7037

JBossAS 5.x fails to use EJB's security domain in jboss.xml when the call is from web container

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 6.0.0.M2
    • JBossAS-5.0.1.GA, JBossAS-5.1.0.GA
    • Security
    • Compatibility/Configuration
    • Workaround Exists
    • Hide

      Our workaround for standalone JBoss AS is to add "CLIENT_LOGIN_MODULE" application-policy in login-config.xml and use that for EJB container authentication.
      For clustering environment, the workaround is to add "BYPASSED-SECURITY" application-policy in login-config.xml to handle the EJB container authentication.

      Show
      Our workaround for standalone JBoss AS is to add "CLIENT_LOGIN_MODULE" application-policy in login-config.xml and use that for EJB container authentication. For clustering environment, the workaround is to add "BYPASSED-SECURITY" application-policy in login-config.xml to handle the EJB container authentication.

      A degredation from JBoss 4.0.x and 4.2.x to JBoss 5.0.1.GA and JBoss 5.1.0.GA.

      We noticed that the JAAS login in EJB container always picks up the Web app's security domain when the client login is originated from a web application client. The security domain specified in EJB container's jboss.xml is always ignored in this situation.

      The detailed problem description is posted on JBoss forum:
      http://www.jboss.org/index.html?module=bb&op=viewtopic&t=156863

              sguilhen Stefan Guilhen
              clin1 Calvin Lin (Inactive)
              Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: