> I'm not following what you meant in your original post about > "I get an exception one of each 3 times..."
Hit refresh -> ok Hit refresh -> ok Hit refresh -> Error 500 The error is thrown on any non-authenticated browser when there is an authenticated one open. If you don't authenticate anyone (if you only browse the public zone) there is no error. > of the unchecked EJB permission seems to be incorrect. Any > EJB given a method-permission requires an authenticated user. > The method-permissions define the roles the authenticated users > must have. A method-permission value of unchecked indicates that > any authenticated user may access the EJB, but the user still must be > authenticated. A servlet accessed via a URL that is not located under > a security-constraint will access EJBs as an unauthenticated > user(principal=null, credentials=null). Unless you have setup a > security-domain that is configured to map unauthenticated users to > a fixed principal name, any EJB call made by this servlet will fail with > the exception you show. MyAuthEntry { org.jboss.security.auth.spi.DatabaseServerLoginModule required dsJndiName="java:/CanplasticaDS" principalsQuery="SELECT PASSWORD AS Password FROM USUARIO WHERE ID=?" rolesQuery="SELECT ROLE AS Role, 'Roles' AS RoleGroup FROM ROLE WHERE USU_ID = ?" unauthenticatedIdentity="nobody" <-------------- ; }; Also the nobody user has a principal record, because if not it also wasn't allowed to access the app. _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development