Discussions

General J2EE: Problem trying to bypass security setting in JBoss 3.2.3

  1. I have deployed an application on JBoss 3.2.3 which uses the login module of JBoss. Now for testing some particular functionality of the application, I need to bypass (dont want logins) the login. What I did was that I eliminated the scurity-domain in jboss-web.xml, so the following line

    <security-domain>java:/jaas/http-invoker</security-domain>

    became

    <security-domain></security-domain>

    I also commented a few url-patterns and http-methods in security constraint in web.xml. By doing this I didnt get the login dialog but when I clicked on some link which used the EJBs, an authentication exception was thrown with principal = null.

    I tried commenting all security-role-ref tags and role-name tags in method-permission in ejb-jar.xml but that caused exception at server start up.

    Anyone has any idea what I am doing wrong or any solution to the problem.

    Thanx in advance.
  2. Hi,

    I think you have to disable security in both the web module (by removing or commenting the security-domain element in the jboss-web.xml as you already did) AND the EJB module. The latter is done in jboss.xml, where you also have to comment out/remove the security-domain element.

    Hope that helps,

    René
  3. Hi,

    Thanx for the prompt reply. Yes you are right about disabling security in EJB module. It helped but I have a new problem :). If possible pl check out the new thread 'How to use an unauthenticated user in JBoss' under General J2EE.

    thanx once again

    Fahd