eclipse-tradista / tradista

Tradista: the first open source Financial Risk Management Solution
Apache License 2.0
9 stars, 2 forks

Ensure access to EJBs is controlled #76

Closed oasuncion closed 1 year ago

oasuncion commented 1 year ago

Several EJBs are not properly annotated yet, so they don't follow the required authentication/authorization model. Authentication is required to access EJBs and, once authenticated, a user can access all the exposed methods of the EJB. In order to implement this model, EJBs must be annotated with @PermitAll and @SecurityDomain(value = "other"); see, for example, BondTradeServiceBean. In addition, we must ensure that all business delegates call services using SecurityUtil.run/SecurityUtil.runEx, so that credentials are passed to the server. BondTradeBusinessDelegate can be checked for an illustration of correct calls.

Environment:
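The annotation and delegate pattern described in the comment above, as an added example that is not Tradista's own code (the project's real BondTradeServiceBean, BondTradeBusinessDelegate and SecurityUtil are not shown on this page). Only the two annotations and the rule that every delegate call goes through SecurityUtil.run/SecurityUtil.runEx are taken from the issue; the service interface and its methods, the exception type, the login step, the sample return values and the WildFly Elytron based stand-in for SecurityUtil are assumptions made for illustration. The types are shown in one file for readability; in a real project each would live in its own file.

```java
import java.util.concurrent.Callable;

import jakarta.annotation.security.PermitAll;
import jakarta.ejb.Remote;
import jakarta.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;
import org.wildfly.security.auth.client.AuthenticationConfiguration;
import org.wildfly.security.auth.client.AuthenticationContext;
import org.wildfly.security.auth.client.MatchRule;

/* ---- Server side: the EJB ------------------------------------------------ */

/** Hypothetical remote interface; Tradista's real one is not on the page. */
@Remote
interface BondTradeService {
    long saveBondTrade(String bookName, double notional) throws TradistaBusinessException;
    String getBondTradeById(long id);
}

/** Hypothetical checked business exception, stands in for the project's own. */
class TradistaBusinessException extends Exception {
    TradistaBusinessException(String msg) { super(msg); }
}

/**
 * The model the issue asks for: @SecurityDomain binds the bean to the "other"
 * domain, against which the caller's credentials are checked, and @PermitAll
 * places no role restriction on the exposed methods beyond that authentication.
 * A bean missing either annotation is what issue #76 is about.
 */
@Stateless
@PermitAll
@SecurityDomain(value = "other")
public class BondTradeServiceBean implements BondTradeService {
    @Override
    public long saveBondTrade(String bookName, double notional) throws TradistaBusinessException {
        if (notional <= 0) {
            throw new TradistaBusinessException("Notional must be positive");
        }
        return 42L; // persistence omitted; constructed return value
    }

    @Override
    public String getBondTradeById(long id) {
        return "BondTrade#" + id; // constructed return value
    }
}

/* ---- Client side: the business delegate ---------------------------------- */

/**
 * Stand-in for Tradista's SecurityUtil (assumption: its real implementation is not
 * on the page). Here the call runs inside an Elytron AuthenticationContext so the
 * EJB client library attaches the stored user name and password to the invocation.
 */
final class SecurityUtil {
    private static volatile AuthenticationContext context = AuthenticationContext.empty();

    /** Assumption: where the client's credentials come from. */
    static void login(String user, String password) {
        AuthenticationConfiguration cfg = AuthenticationConfiguration.empty()
                .useName(user)
                .usePassword(password);
        context = AuthenticationContext.empty().with(MatchRule.ALL, cfg);
    }

    /** For service methods that declare the checked business exception. */
    static <T> T runEx(Callable<T> call) throws TradistaBusinessException {
        try {
            return context.runCallable(call);
        } catch (TradistaBusinessException e) {
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /** For service methods with no checked exception. */
    static <T> T run(Callable<T> call) {
        try {
            return context.runCallable(call);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }
}

class BondTradeBusinessDelegate {
    private final BondTradeService service; // obtained via a JNDI lookup in practice

    BondTradeBusinessDelegate(BondTradeService service) { this.service = service; }

    // Correct: the invocation runs inside the authentication context, so the
    // credentials travel with it and the server can authenticate the caller.
    long saveBondTrade(String bookName, double notional) throws TradistaBusinessException {
        return SecurityUtil.runEx(() -> service.saveBondTrade(bookName, notional));
    }

    String getBondTradeById(long id) {
        return SecurityUtil.run(() -> service.getBondTradeById(id));
    }

    // Wrong, the pattern the issue asks to eliminate: a direct call goes out
    // without the caller's credentials.
    // String getBondTradeByIdUnsafe(long id) { return service.getBondTradeById(id); }
}
```

A quick audit before closing an issue like this, assuming the project's `*ServiceBean` naming: `grep -rL '@SecurityDomain' --include='*ServiceBean.java' src/` lists beans still missing the annotation (repeat with `@PermitAll`), and `grep -rn 'service\.' --include='*BusinessDelegate.java' src/ | grep -v 'SecurityUtil\.'` surfaces delegate calls that bypass SecurityUtil.run/runEx.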

oasuncion commented 1 year ago

It is now done; this ticket will be part of v2.0.0.