900349 – (JBPAPP6-1583) Allow @RolesAllowed and @DeclareRoles on JAXWS EJB be declared in descriptor(ejb-jar.xml or jboss.xml)

Bug 900349 (JBPAPP6-1583) - Allow @RolesAllowed and @DeclareRoles on JAXWS EJB be declared in descriptor(ejb-jar.xml or jboss.xml)

Summary: Allow @RolesAllowed and @DeclareRoles on JAXWS EJB be declared in descriptor(...

Keywords:
Status:	CLOSED WORKSFORME
Alias:	JBPAPP6-1583
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	unspecified
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/JBP...
Whiteboard:	jboss-as security web_services
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-05-02 14:29 UTC by Adam Kovari
Modified:	2017-02-20 16:03 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	JBoss Enterprise Application Platform 5.1.2
Last Closed:	2017-02-20 16:03:43 UTC
Type:	Feature Request
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	JBPAPP6-1583	0	Minor	Closed	Allow @RolesAllowed and @DeclareRoles on JAXWS EJB be declared in descriptor(ejb-jar.xml or jboss.xml)	2017-02-20 19:56:05 UTC

Description Adam Kovari 2012-05-02 14:29:58 UTC

project_key: JBPAPP6

When "strict" is set in allRolesMode in server.xml Realm, then authentication roles can only be set using annotations @DeclareRoles and @RolesAllowed.
The documentation on [1] says that this can be configured also using sun-ejb-jar.xml, we should have this option also in JBoss descriptors.

STRICT_MODE
Use the strict servlet spec interpretation which requires that the user have one of the web-app/security-role/role-name

When using JAXWS EJB endpoints, this can be achieved using @DeclareRoles annotation, see:
http://docs.oracle.com/javaee/5/tutorial/doc/bncav.html#bncaw

Comment 1 Adam Kovari 2012-05-02 14:30:51 UTC

Link: Added: This issue is related to JBPAPP-8890

Comment 2 Adam Kovari 2012-05-02 14:30:53 UTC

the original bug case

Comment 3 baranowb 2012-05-15 14:21:58 UTC

Link: Added: This issue depends LOGTOOL-48

Comment 4 baranowb 2012-05-15 14:22:11 UTC

Link: Removed: This issue depends LOGTOOL-48

Comment 5 Anne-Louise Tangring 2012-11-13 21:13:21 UTC

Docs QE Status: Removed: NEW

Comment 10 Brad Maxwell 2017-02-20 16:03:43 UTC

This looks like it was fixed a while back, if there is a new issue, please open an upstream jira

Note You need to log in before you can comment on or make changes to this bug.