I am using jboss 4.2.1.GA. I have the ff session bean
| @RolesAllowed({"authenticated"})
| @Stateless
| @Remote({AccountRDAO.class})
| public class AccountRDAOAction extends RDAOAction
| implements AccountRDAO, Serializable
| {
|
| ...
|
| }
|
I defined the ff policy in login-config.xml:
| <application-policy name="mypolicy">
| <authentication>
| <login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option
name="unauthenticatedIdentity">anonymous</module-option>
| <module-option name =
"dsJndiName">java:/itranscribe-ds</module-option>
| <module-option name = "principalsQuery">select password from
logins where username=?</module-option>
| <module-option name = "rolesQuery">
| select 'authenticated' as Role, 'Roles' as RoleGroup where
length(?) > 0
| </module-option>
| </login-module>
|
| </authentication>
| </application-policy>
|
It is driving me nuts why I can still access the methods of the supposedly
protected bean. I tried annotating the methods and still the same.
Thanks,
M. Manese
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4083279#4083279
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4083279
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
