Hi Scott, Thanks for the answer I think that worked for me. Now I have a different problem. I wrote a little test where I have an authenticated user with roles assigned to it which will try to call a bean method that is unsecured <unchecked/> (in this case create() is unchecked as well) and fails with this exception on the client side: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Insufficient method permissions, principal=admin1#XON, method=create, interface=HOME, requiredRoles=[<ANYBODY>], principalRoles=[rejectVoidTrades$, amendTradesFO$, readDateSequences$, readParties$, createUnverifiedTradesBO$, readBal
Sebastian > -----Original Message----- > From: Scott M Stark [mailto:[EMAIL PROTECTED] > Sent: Monday, June 23, 2003 7:54 PM > To: [EMAIL PROTECTED] > Subject: Re: [JBoss-user] <unchecked/> method security fails > > > > Unchecked in JBoss does not mean anonymous by default. A > caller still must be authenticated, but there will be no > authorization check. If you want to allow anonymous access to > an unchecked ejb you need to configure the security domain > login modules to allow this. Most JBoss login modules support > this using the unauthenticatedIdentity module option so read > up on that. ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user