[jboss-user] [EJB3] - Re: security in ejb3.1 using jboss 6.0 CR1

Wed, 15 Dec 2010 19:42:28 -0800 

aravind kopparthi [http://community.jboss.org/people/aravindsk] created the 
discussion

"Re: security in ejb3.1 using jboss 6.0 CR1"

To view the discussion, visit: http://community.jboss.org/message/576295#576295

--------------------------------------------------------------
good new and bad news. 

good news is : below configuration worked and over convention: i removed the 
@SecureDomain in the code. 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC
    "-//JBoss//DTD JBOSS 6.0//EN"
    " http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd 
http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd";>

<jboss>
 <security-domain>java:/jaas/javaee6-app</security-domain>
</jboss>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC
    "-//JBoss//DTD JBOSS 6.0//EN"
    " http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd 
http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd";>
 
<jboss>
<security-domain>java:/jaas/javaee6-app</security-domain>
</jboss>


i get the expected results when the non-business users calls the business method
org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: Caller 
unauthorized
     org.jboss.resteasy.core.SynchronousDispatcher.unwrapException(SynchronousDispatcher.java:329)
     org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:305)
     org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:198)
     org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:174)
     org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:518)
     org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:480)
     org.jboss.resteasy.core.SynchronousDispatcher.invokePropagateNotFound(SynchronousDispatcher.java:139)
     org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:211)
     org.jboss.resteasy.plugins.server.servlet.FilterDispatcher.doFilter(FilterDispatcher.java:59)
     org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67)


*root cause*

*
*


bad news is : stateless session bean can not have any extends : please clarify 
if it is a requirement that slsbs can not extend any classes please advise for 
any solution to make security work for slsb's that extend class/abstract class
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/576295#576295]

Start a new discussion in EJB3 at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2029]


_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to