WildFly / WFLY-10342

Unsecured EJB causes "Multiple security domains" exception

    Details

    • Steps to Reproduce:

      1. Configure WildFly to use Elytron for EJB:

      /subsystem=ejb3/application-security-domain=other:add(security-domain=ApplicationDomain)
      /subsystem=ejb3/application-security-domain=other2:add(security-domain=ApplicationDomain)
      

      2. Create a deployment with the following EJBs:

      @Stateless
      public class EjbUnsecured { ... }
      

      @Stateless
      @RolesAllowed("admin")
      @SecurityDomain("other2")
      public class EjbSecured { ... }
      

      3. Try to deploy. Deployment fails with the exception shown in the description.


      Description

      Deploying a deployment that contains the two EJBs from the steps to reproduce, one secured and one unsecured, fails with a "Multiple security domains not supported" exception:

      21:16:30,089 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: org.jboss.msc.service.StartException in service jboss.deployment.unit."ejb-deployment-1.0-SNAPSHOT.war".POST_MODULE: WFLYSRV0153: Failed to process phase POST_MODULE of deployment "ejb-deployment-1.0-SNAPSHOT.war"
      	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:150)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1714)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1693)
      	at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1540)
      	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
      	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
      	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0490: Multiple security domains not supported
      	at org.jboss.as.ejb3.deployment.processors.EJBDefaultSecurityDomainProcessor.deploy(EJBDefaultSecurityDomainProcessor.java:99)
      	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:143)
      	... 8 more
      

      In JBEAP-9289 this behavior was considered correct for the situation where one EJB references one security domain and the second references a second security domain.
      It seems that an unsecured EJB is considered to be using the default security domain.

      Workaround: mark the unsecured bean as secured by adding:

      @PermitAll
      @SecurityDomain("other2") // the same as for secured ejb
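
A pre-deployment source check for the condition described above, as an added example that is not part of the original issue or of WildFly. It assumes, as the report suspects, that a bean without `@SecurityDomain` counts as using the default domain (shown with the placeholder `<default>`), and it reads annotations only, not deployment descriptors; the function names and sample sources are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sources: the two beans from the report, then the workaround.
SAMPLE_FAILING = {
    "EjbUnsecured.java": "@Stateless\npublic class EjbUnsecured { }\n",
    "EjbSecured.java": '@Stateless\n@RolesAllowed("admin")\n'
                       '@SecurityDomain("other2")\npublic class EjbSecured { }\n',
}
SAMPLE_WORKAROUND = {
    **SAMPLE_FAILING,
    "EjbUnsecured.java": '@Stateless\n@PermitAll\n@SecurityDomain("other2")\n'
                         "public class EjbUnsecured { }\n",
}

DEFAULT = "<default>"  # placeholder (assumption): bean has no @SecurityDomain

# A run of annotations directly in front of a class declaration, then its name.
CLASS_RE = re.compile(
    r"((?:@\w+(?:\([^)]*\))?\s*)+)(?:public\s+|final\s+|abstract\s+)*class\s+(\w+)")
# Session bean annotations; the report itself only uses @Stateless.
EJB_RE = re.compile(r"@(?:Stateless|Stateful|Singleton)\b")
DOMAIN_RE = re.compile(r'@SecurityDomain\(\s*(?:value\s*=\s*)?"([^"]*)"')

def ejb_domains(sources):
    """Map each security domain name to the EJB classes that reference it."""
    domains = defaultdict(list)
    for text in sources.values():
        for annotations, name in CLASS_RE.findall(text):
            if not EJB_RE.search(annotations):
                continue  # annotated class, but not a session bean
            match = DOMAIN_RE.search(annotations)
            domains[match.group(1) if match else DEFAULT].append(name)
    return dict(domains)

def check_deployment(sources):
    """Return (ok, domains); ok is False when the beans span several domains."""
    domains = ejb_domains(sources)
    return len(domains) <= 1, domains

if __name__ == "__main__":
    for label, src in (("as reported", SAMPLE_FAILING),
                       ("workaround", SAMPLE_WORKAROUND)):
        ok, domains = check_deployment(src)
        print(label, "OK" if ok else "expect WFLYEJB0490", domains)
```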
      


                People

                • Assignee: honza889 Jan Kalina
                • Reporter: honza889 Jan Kalina