EAP6 fall back to security-domain "other"
Issue
-
Does EAP-6 fallback to
"other"security-domain when a misspelled security domain is encountered in jboss-web.xml ? -
If the name of security-domain specified in jboss-web.xml doesn't exist in the security subsystem, the WAR deployment is stopped with the following error :
19:47:44,658 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) JBAS015876: Starting deployment of "FormBasedSecurity.war" (runtime-name: "FormBasedSecurity.war")
19:47:45,105 ERROR [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS015870: Deploy of deployment "FormBasedSecurity.war" was rolled back with the following failure message: {"JBAS014771: Services with missing/unavailable dependencies" => ["jboss.web.deployment.default-host./FormBasedSecurity.realm is missing [jboss.security.security-domain.secure1111]"]}
19:47:45,123 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) JBAS015877: Stopped deployment FormBasedSecurity.war (runtime-name: FormBasedSecurity.war) in 18ms
- What happens if a security-domain is not specified in the web-application's jboss-web.xml and have the following configuration in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>MySecuredResource-1</web-resource-name>
<url-pattern>/secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>someRole</role-name>
</auth-constraint>
</security-constraint>
...
<login-config>
<auth-method>FORM</auth-method>
...
</login-config>
...
<security-role>
<role-name>someRole</role-name>
</security-role>
Environment
- JBoss Enterprise Application Platform (EAP)
- 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
