So this is what I tried:

* renaming the "other" application policy of file login-config.xml (residing in the AS conf dir) to "mine" (in order to make sure that the default security domain "other" does not kick in)
* editing jboss-app.xml:

      <jboss-app>
        <security-domain>java:/jaas/other</security-domain>
        <loader-repository>name:app=ejb3</loader-repository>
      </jboss-app>

* removing the @SecurityDomain annotation from my bean

When I try this, all the roles defined in web.xml are allowed access to my jsp files (this was expected), but all users get access to my ejb bean. I define two roles in web.xml, but only one of those roles is mentioned in my ejb bean using the @RolesAllowed annotation. When I try with a user of the role not mentioned by @RolesAllowed while the "mine" security domain is not configured, all is fine: the user doesn't get to use the ejb bean.

So what am I missing? Is the ejb layer security being set aside just because I use another name for my security domain? Hardly; it must be that I have configured something amiss. But what? Do you know, cgriffith?
