Hi Wolfgang and Anil Thank you for your replies. I changed the client login as mentioned in the thread: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=144865]
Unfortunately, it didn't solve the problem. May the problem is related to how my custom login module passes the roles back to the JAAS framework. According this blog: http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/] the way of passing roles are JBoss specific. May I have to pass it differently when using standard JAAS client login without the SecurityClient. The code is: | if (!subject.getPrincipals().contains(user)) | { | subject.getPrincipals().add(user); | | /** | * this is the important part to work with JBoss: | * jboss requires the name 'Roles' | */ | SimpleGroup group = new SimpleGroup("Roles"); | for (SimplePrincipal role : roles) | { | group.addMember(role); | } | | subject.getPrincipals().add(group); | } | The login itself works fine. The security exception is thrown when the client invokes a method from the session bean. Regards, Ralf View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236388#4236388 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4236388 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
