All session bean implementations have the required @SecurityDomain("theDomain")
annotation.
What does not work is that once somebody has logged in, he can call any session
bean method, even those calling for a role he is not in.
This is in JBoss 4.0.3. This has worked fine before in EJB 2.1. My login code
and login-config.xml are all still the same.
Any idea what is going on? I did look at the EJB3 tutorial, again.
Thanks,
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3954875#3954875
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3954875
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
