I decided I should go a little further with this and check that the EJB security domain worked as expected rather than defaulting to "other", even though we aren't using EJB permissions yet.
It turns out the steps outlined previously work for securing the web pages of the app -- but to have the EJB security domain work as expected, in jboss.xml I need | <security-domain>webappDomain</security-domain> | rather than the expected | <security-domain>java:/jaas/webappDomain</security-domain> | I think this might explain problems like this: [url] http://forum.java.sun.com/thread.jspa?threadID=773530 [/url] Since this is contrary to the documentation, I would consider this a serious bug. I will open a JIRA case (though I don't have a good simple test case, I'm afraid.) I am running in clustered mode, could that possibly have anything to do with it? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4006417#4006417 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4006417 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
