I configured my log4j with the details, but did not receive any log of
concern..
---------------------------------------------------------------------------------
My login-config.xml snippet is given below
<application-policy name = "SecurityPolicy">
<login-module code = "org.jboss.security.ClientLoginModule" flag =
"required">
<module-option
name="unauthenticatedIdentity">defaultuser</module-option>
<!-- Any existing security context will be restored on
logout -->
<module-option name="restore-login-identity">true</module-option>
</login-module>
<login-module code="com.temp.component.security.LoginCheck" flag =
"required">
<module-option
name="unauthenticatedIdentity">defaultuser</module-option>
<!-- Any existing security context will be restored
on logout -->
<module-option name="restore-login-identity">true</module-option>
</login-module>
</application-policy>
---------------------------------------------------------------------------------
content of the jboss.xml within my ear
<security-domain>java:/jaas/SecurityPolicy</security-domain>
---------------------------------------------------------------------------------
content of the jboss-web.xml in the war file within my ear
<jboss-web>
<security-domain
flushOnSessionInvalidation="true">java:/jaas/SecurityPolicy</security-domain>
</jboss-web>
---------------------------------------------------------------------------------
I have defined the role as @RolesAllowed("WRONG_ROLE__FOR_FAILURE") for my ejb
session bean method. There is no such role, but still i can access the method..
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4261440#4261440
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4261440
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user