Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-6271

Add a service that can be used to ensure a virtual SecurityDomain associated with a virtual-security-domain resource has been created

XMLWordPrintable

      Currently, the automatic creation of a virtual SecurityDomain doesn't happen until processing a deployment. This can be problematic when we have two deployments, say EAR#1 and EAR#2, where:

      • We want to secure an EJB in EAR#2 with the same virtual security domain that was used to secure a servlet from EAR #1.

      AND

      • EAR#1 depends on EAR#2 being deployed first.

      EAR#2 needs the virtual SecurityDomain that's used to secure EAR#1 in order for deployment to succeed (since EJBSecurityDomainService#start relies on the SecurityDomain being available, it's not enough for just the virtual-security-domain resource to have been defined).

      Currently, the automatic creation of a virtual SecurityDomain doesn't happen until processing a deployment. Thus, if EAR#2 needs to be deployed before EAR#1, the virtual SecurityDomain associated with EAR#1 won't be available yet.

      We need to ensure a virtual SecurityDomain is created if necessary when an EJB references a virtual security domain.

      With this change, a test should also be added to OidcIdentityPropagationTestCase to ensure that an EJB in EAR#2 can successfully use a @SecurityDomain annotation to specify that it should be secured using the same virtual security domain used for EAR#1.

            fjuma1@redhat.com Farah Juma
            fjuma1@redhat.com Farah Juma
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: