ah that's quiet another story, I described securing a web app, not ejb's. You must annotate the EJB's with the security domain and allowed roles, like this: (assuming you work with EJB3 that is) @Stateless() | @SecurityDomain("exampleDomain") | public class MyBean implements MyBeanRemote { | /** | * allowed to everyone | */ | @PermitAll() | public String getSimpleString() { | return "unsecure"; | } | | /** | * Only 'admin' role allowed | */ | @RolesAllowed({"Admin"}) | public String getAdvancedString() { | return "secured"; | } | } I'm not experienced with remote clients, all my clients are local... Someone else has to fill in that part.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4019216#4019216 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4019216 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user