Using secured and unsecured beans

Hi all,

as described here (https://coderanch.com/t/620676/JBoss/Custom-Login-Module-EAP-JBoss) we use a custom login module within JBoss EAP. Now I'm facing some problems when invoking an EJB that is not part of the security domain.

Short config from standalone-full.xml:

Security realms
<security-realms> ... <security-realm name="Lbd3Realm"> <authentication> <jaas name="LBD-domain"/> </authentication> </security-realm> </security-realms>

Ejb3
<subsystem xmlns="urn:jboss:domain:ejb3:1.4"> ... <default-security-domain value="LBD-domain"/> <default-missing-method-permissions-deny-access value="false"/> </subsystem>

Remoting
<subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="Lbd3Realm" /> </subsystem>

SecurityDomain
<subsystem xmlns="urn:jboss:domain:security:1.2"> <security-management deep-copy-subject-mode="true"/> <security-domains> <security-domain name="LBD-domain" cache-type="default"> <authentication> <login-module code="............LoginModule" flag="required" module="deployment.......sar"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="principalClass" value="...."/> <module-option name="debug" value="true"/> </login-module> </authentication> <authorization> <policy-module code=".................AuthorizationModule" flag="required"/> </authorization> </security-domain> ...

If I don't change ApplicationRealm to my own realm, our LoginModule is not invoked!

We have beans with

@SecurityDomain(value = "LBD-domain")

and beans without that annotation.

What we want to archieve is, that we can invoke some beans without being an authenticated user. Do we have a chance to do this? Or do I have to use some dummy user for those beans? (That would mean to user two different users in my client application. The user [identified by username and password] himself and the dummy user. So I'd need two different login contexts. (??)

Any hints?