Hi Scott,

Thanks for the answer I think that worked for me.
Now I have a different problem.  I wrote a little test where I have an
authenticated user with roles assigned to it which will try to call a
bean method that is unsecured <unchecked/> (in this case create() is
unchecked as well) and fails with this exception on the client side:
 
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
        Insufficient method permissions, principal=admin1#XON,
method=create, interface=HOME, requiredRoles=[<ANYBODY>],
 principalRoles=[rejectVoidTrades$, amendTradesFO$, readDateSequences$,
readParties$, createUnverifiedTradesBO$, readBal

Sebastian

> -----Original Message-----
> From: Scott M Stark [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 23, 2003 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] <unchecked/> method security fails
> 
> 
> 
> Unchecked in JBoss does not mean anonymous by default. A 
> caller still must be authenticated, but there will be no 
> authorization check. If you want to allow anonymous access to 
> an unchecked ejb you need to configure the security domain 
> login modules to allow this. Most JBoss login modules support 
> this using the unauthenticatedIdentity module option so read 
> up on that.


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to