Hi Scott,
Thanks for the answer I think that worked for me.
Now I have a different problem. I wrote a little test where I have an
authenticated user with roles assigned to it which will try to call a
bean method that is unsecured <unchecked/> (in this case create() is
unchecked as well) and fails with this exception on the client side:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
Insufficient method permissions, principal=admin1#XON,
method=create, interface=HOME, requiredRoles=[<ANYBODY>],
principalRoles=[rejectVoidTrades$, amendTradesFO$, readDateSequences$,
readParties$, createUnverifiedTradesBO$, readBal
Sebastian
> -----Original Message-----
> From: Scott M Stark [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 23, 2003 7:54 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-user] <unchecked/> method security fails
>
>
>
> Unchecked in JBoss does not mean anonymous by default. A
> caller still must be authenticated, but there will be no
> authorization check. If you want to allow anonymous access to
> an unchecked ejb you need to configure the security domain
> login modules to allow this. Most JBoss login modules support
> this using the unauthenticatedIdentity module option so read
> up on that.
-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
