Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-14791

[GSS] (7.2.z) Unsecured EJB causes "Multiple security domains" exception

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 7.2.0.CD13
    • 7.1.2.GA
    • EJB, Security
    • None
    • Hide

      1. Configure wildfly to use elytron for EJB:

      /subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
/subsystem=ejb3/application-security-domain=other2:add(security-domain=ApplicationDomain)

      2. Create deployment with following EJBs:

      @Stateless
public class EjbUnsecured { ... }

      @Stateless
@RolesAllowed("admin")
@SecurityDomain("other2")
public class EjbSecured { ... }

      3. Try to deploy - deploying will fail with mentioned exception.

      Show
      1. Configure wildfly to use elytron for EJB: /subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain) /subsystem=ejb3/application-security-domain=other2:add(security-domain=ApplicationDomain) 2. Create deployment with following EJBs: @Stateless public class EjbUnsecured { ... } @Stateless @RolesAllowed( "admin" ) @SecurityDomain( "other2" ) public class EjbSecured { ... } 3. Try to deploy - deploying will fail with mentioned exception.

      When trying to deploy deployment containing following two EJBs, secured and unsecured, deploying fails with "Multiple security domains not supported" exception:

      21:16:30,089 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "ejb-deployment-1.0-SNAPSHOT.war"
	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:150)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0490: Multiple security domains not supported
	at org.jboss.as.ejb3.deployment.processors.EJBDefaultSecurityDomainProcessor.deploy(EJBDefaultSecurityDomainProcessor.java:99)
	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:143)
	... 8 more

      This behavior was in JBEAP-9289 considered correct for situation when one EJB references one security domain and the second references second security domain.
      It seems unsecured EJB is considered to be using default security domain.

      Workaround: Need to set unsecured bean secured by adding:

      @PermitAll
@SecurityDomain("other2") // the same as for secured ejb

              jkalina@redhat.com Jan Kalina (Inactive)
              rhn-support-dehort Derek Horton
              Sultan Zhantemirov Sultan Zhantemirov (Inactive)
              Sultan Zhantemirov Sultan Zhantemirov (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: