JBoss Enterprise Application Platform / JBEAP-14969

[GSS] (7.1.z) Unsecured EJB causes "Multiple security domains" exception


      1. Configure WildFly to use Elytron for EJB:

      /subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
      /subsystem=ejb3/application-security-domain=other2:add(security-domain=ApplicationDomain)
      

      2. Create a deployment with the following EJBs:

      @Stateless
      public class EjbUnsecured { ... }
      
      @Stateless
      @RolesAllowed("admin")
      @SecurityDomain("other2")
      public class EjbSecured { ... }
      

      3. Try to deploy. Deployment fails with the mentioned exception.


      When trying to deploy a deployment containing these two EJBs, one secured and one unsecured, deployment fails with a "Multiple security domains not supported" exception:

      21:16:30,089 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "ejb-deployment-1.0-SNAPSHOT.war"
      	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:150)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
      	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0490: Multiple security domains not supported
      	at org.jboss.as.ejb3.deployment.processors.EJBDefaultSecurityDomainProcessor.deploy(EJBDefaultSecurityDomainProcessor.java:99)
      	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:143)
      	... 8 more
      

      In JBEAP-9289 this behavior was considered correct for the situation where one EJB references one security domain and a second EJB references a second security domain.
      It seems the unsecured EJB is considered to be using the default security domain.

      Workaround: mark the unsecured bean as secured by adding:

      @PermitAll
      @SecurityDomain("other2") // the same as for secured ejb
      

              chaowan@redhat.com Chao Wang
              rhn-support-bmaxwell Brad Maxwell
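
A pre-deployment check for the condition described in this issue, as an added example (not code from WildFly or from the reporter): it scans EJB sources and flags a deployment whose beans resolve to more than one security domain, counting a bean without `@SecurityDomain` as the default domain, as the description suggests. The function names, the `<default>` label and the sample sources are assumptions constructed for illustration.

```python
import re

EJB = re.compile(r"@(Stateless|Stateful|Singleton|MessageDriven)\b")
DOMAIN = re.compile(r'@SecurityDomain\(\s*(?:value\s*=\s*)?"([^"]+)"')
CLASS = re.compile(r"\bclass\s+(\w+)")
COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
DEFAULT = "<default>"  # label used here for a bean with no @SecurityDomain

def bean_domains(sources):
    """Map EJB class name -> declared security domain (DEFAULT if none).

    Assumes one top-level class per file; this is a regex scan,
    not a Java parser.
    """
    beans = {}
    for text in sources.values():
        code = COMMENT.sub("", text)  # ignore commented-out annotations
        cls = CLASS.search(code)
        if not cls or not EJB.search(code):
            continue  # not an EJB source file
        dom = DOMAIN.search(code)
        beans[cls.group(1)] = dom.group(1) if dom else DEFAULT
    return beans

def check_deployment(sources):
    """Report whether the beans resolve to more than one security domain."""
    beans = bean_domains(sources)
    domains = set(beans.values())
    return {
        "domains": sorted(domains),
        "conflict": len(domains) > 1,
        "unannotated": sorted(n for n, d in beans.items() if d == DEFAULT),
    }

# Constructed sources mirroring the reproducer and the workaround above.
REPRODUCER = {
    "EjbUnsecured.java": "@Stateless\npublic class EjbUnsecured { }\n",
    "EjbSecured.java": '@Stateless\n@RolesAllowed("admin")\n'
                       '@SecurityDomain("other2")\npublic class EjbSecured { }\n',
}
WORKAROUND = dict(REPRODUCER)
WORKAROUND["EjbUnsecured.java"] = (
    '@Stateless\n@PermitAll\n@SecurityDomain("other2") // the same as for secured ejb\n'
    "public class EjbUnsecured { }\n")

if __name__ == "__main__":
    for label, src in (("reproducer", REPRODUCER), ("workaround", WORKAROUND)):
        print(label, check_deployment(src))
```

Beans listed under `unannotated` are the ones to review when `conflict` is true, since they are the beans that fall back to the default domain.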