6 Replies Latest reply: Apr 5, 2012 2:05 AM by Serkan Yıldırım RSS

How to secure one EJB and leave another unsecured for remoting on JBoss 7.1

Jan Snelders Newbie

From this thread and the answers from Darran Lofthouse I understand that to be able to secure an EJB you must at least secure the remoting connector.
(security-realm="ApplicationRelam" parameter on the tag '<connector name="remoting-connector" socket-binding="remoting" security-realm="AguraRealm"/>' in standalone.xml)

 

So the question arises: If I would like to allow remote unauthenticated access to EJB-One but would like to secure EJB-Two (by annotating it with an @SecurityDomain for example), is that even possible?

 

If I need to secure the remoting connector just to be able to secure EJB-Two, I can't have unauthenticated access to EJB-One. If I remove the security-realm="ApplicationRealm" from remoting connector to allow unautenticated access to EJB-One, any authentication credentials will never reach login module configured for the @SecurityDomain to secure EJB-Two as explained in the earlier mentioned forum thread (if I understood that discussion correctly).

 

So is this use case covered or just not possible in JBoss 7.1.x?