It would be extremely useful to get the trace logging from JBoss' security layer. Without that I can only guess what is going on. My guess is that a null username and password is getting passed to DatabaseServerLoginModule, since you have not authenticated the web session. Since the username and password are null, the DSLM is assigning the principal = 'nobody'. However, I am not sure what role is getting assigned. That is why I need to see logging.
Also, If you are not going to authenticate at the web layer, what is your plan for authenticate/authorize at the EJB level? cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3952760#3952760 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3952760 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
