Yeah, I tried stripping everything down and I couldn't find a way to secure the
remote interface only. Perhaps I'm doing something wrong, but the method in
this class, for example:
@Remote
@SecurityDomain("mydomain")
public interface RemoteTestEJB3InterfaceSecured extends
TestEJB3InterfaceSecured {
@RolesAllowed("admin")
void doSecure();
}
can be called by remote callers without having to authenticate, unless security
is also placed on the implementation bean.
I couldn't find a section of the spec that mentions this, either.
Kind of disappointing that I can't place security restrictions on remote
callers exclusively.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3960447#3960447
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3960447
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
