The only way I got this to work is to package my own WAR with a web.xml and jboss-web.xml with the correct security nodes in each. The auto-generated WAR that JBossWS created for EJB3 endpoints doesn't seem to create anything other than the servlet and servlet-mapping nodes in the web.xml file. You need to also have the security-constraint, login-config, and [I think] security-role nodes in the web.xml file too. When I created by own (basically empty) WAR with that information, my EJB3 endpoints had the Principal object and handled role checking (via the @RolesAllowed annotation). Perhaps something along these lines will solve your problem.
I haven't reported this as a bug because I'm new to JBossWS and hope that someone tells me the correct annotation to use in order for the generated WAR file that JBossWS creates to have all the security nodes as well. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975934#3975934 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3975934 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user