anonymous wrote : To reiterate, I am expecting the call to the EJB method to fail as I have specified a non-existing roles in @RolesAllowed.
I should have noted this in your first post itself. Overlooked it though. Have you specified a security domain for the EJB either through annotation at class level or through the jboss.xml file? If you haven't then the EJB is NOT considered a secure one and the @RolesAllowed will be ignored. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981048#3981048 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981048 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
