run-as only sets the role for the caller. The caller still needs to be authenticated. If you want to allow anonymous callers you need to specify the unauthenticatedIdentity to pass the authentication step:
| <application-policy name = "other"> | <authentication> | <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" | flag = "required"> | <module-option name = "unauthenticatedIdentity">guest</module-option> | </login-module> | </authentication> | </application-policy> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3840974#3840974 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3840974 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
