abhi0123 [https://community.jboss.org/people/abhi0123] created the discussion
"Re: JBoss not honoring @PermitAll on EJB3 Endpoint" To view the discussion, visit: https://community.jboss.org/message/729752#729752 -------------------------------------------------------------- I was slightly wrong. Apparently @PermitAll means all unauthorized, not all unauthenticated. It'd require a valid user but would accept any role. On the other hand, an unannotated method should allow unauthenticated access which isn't happening. Attached is a test project that demonstrates the problem. It depends on a remote JBoss AS 7 instance with the following users-*.properties files: Abhijit$ tail -5 application-users.properties 1. is for illustration only and does not correspond to a usable password. # #admin=2a0923285184943425d1f53ddd58ec7a user=8544a03c79aee5b1c99458d83ee0f9e0 guest=1bb6b7c18b5c1dab17f5141fa398905a Abhijit$ tail -5 application-roles.properties # #admin=PowerUser,BillingAdmin, #guest=guest user=AppUser guest=AppGuest -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/729752#729752] Start a new discussion in JBoss Web Services at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2044]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
