I'm not following what you meant in your original post about "I get an exception one of each 3 times...", but your understanding of the unchecked EJB permission seems to be incorrect. Any EJB given a method-permission requires an authenticated user. The method-permissions define the roles the authenticated users must have. A method-permission value of unchecked indicates that any authenticated user may access the EJB, but the user still must be authenticated. A servlet accessed via a URL that is not located under a security-constraint will access EJBs as an unauthenticated user(principal=null, credentials=null). Unless you have setup a security-domain that is configured to map unauthenticated users to a fixed principal name, any EJB call made by this servlet will fail with the exception you show.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Ignacio Coloma" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, March 21, 2002 5:01 PM Subject: RE: [jetty-discuss] [Fwd: [JBoss-dev] Authentication with Jetty] > > Just to back up what Jan said.... > > > > If you want to access beans that have security constraints, then > > currently the URL must be one that has an authentication-constraint > > specified. > > > > The happenstance that a browser is actually sending basic authentication > > information to a non-authenticated URL is not enough to trigger a > > call to the JBoss authentication mechanisms. You must have an > > authentication > > constraint. > > > > Do you see a need for it to be any different to this? > > If (as is my case) I want the data processing to be different depending if > the access is being made by the 'default' user (configurable in auth.conf) > or by an authenticated user. If you want to put names to concepts, I want > the general public to see which services and items are being offered, but > not the prices. But if you are a customer, I want to show the prices out. > > Maybe I'm misunderstanding my exception, but if I got it right, an bean > marked as <unchecked/> is throwing a "Authentication exception, > principal=null", something that should not happen. > > At least, if it decides to happen, happen everytime, but not sometimes. > > I insist that this could be my fault, sometimes has been, let me see it when > my work agenda lets me some time. > _______________________________________________ Jboss-development mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-development