Hello everybody

I have a problem with declarative security configuration in my application.
I finally configured JAAS authentication/authorization for some of my EJBs
using annotations like @SecurityDomain etc. It works properly.

I have configured login-config:

<application-policy name = "kusssdemo-policy">
  <authentication>
    <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name = "dsJndiName">java:/kusssdemo</module-option>
        <module-option name = "principalsQuery">...</module-option>
        <module-option name = "rolesQuery">...</module-option>
        <module-option name="unauthenticatedIdentity">guest</module-option>
    </login-module>
  </authentication>
</application-policy>
 
It's a Swing application and I use a custom ClientLoginModule to perform
authentication (but for this case it doesn't matter, I think).

But now I need to declare security in the DD (ejb-jar.xml). I want to use the same
roles, which I retrieve from DatabaseServerLoginModule, to protect methods from
other EJBs.


my ejb-jar is:
<ejb-jar>
....
   <enterprise-beans>
      <session>
         <ejb-name>DegreeBusinessLogicBean</ejb-name>
         <ejb-class>at.jku.kusss.degreemngt.degree.facade.DegreeBusinessLogicBean</ejb-class>
         <session-type>Stateless</session-type>
         <security-identity>
            <run-as>
               <role-name>admin</role-name>
            </run-as>
         </security-identity>
      </session>
   </enterprise-beans>
   <assembly-descriptor>
      <security-role>
         <role-name>admin</role-name>
      </security-role>
      <method-permission>
         <role-name>admin</role-name>
         <method>
            <ejb-name>DegreeBusinessLogicBean</ejb-name>
            <method-name>*</method-name>
         </method>
      </method-permission>
...
</ejb-jar>

I'm using JBoss 4.2.0CR1 and I found that the tag <security-role-ref> is not
implemented yet.

my jboss.xml:

<jboss>
    <security-domain>java:/jaas/kusssdemo-policy</security-domain>
    <enterprise-beans>
      <session>
        <ejb-name>DegreeBusinessLogicBean</ejb-name>
        <jndi-name>ejb/DegreeBusinessLogicBean</jndi-name>
      </session>
    </enterprise-beans>
</jboss>

But it does not work; everybody can access the EJB.

PLEASE can you help me, am I missing something?

Thanks, and I wish you a nice day

David

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036615#4036615

_______________________________________________
jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user
