Hi Alexander,
Which JBoss version do you use? I guess, 2.0.
I cannot tell you "why is this", :-)
but I believe that in CVS (version PRE-2.1) this flaw has been fixed.
Regards,
Oleg
Alexander Klyubin wrote:
> I fairly new to JAAS and jBoss implementation of EJB security. I managed to
> configure jBoss so that it check access to beans based on roles -- the
> standard way. It works fine, until I try to use the beans by clients, which
> never logged in (did not use any LoginContext). They are allowed calling all
> beans' all methods. Why is this?
> Alexander Klyubin
> --
> --------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> List Help?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
List Help?: [EMAIL PROTECTED]
