Thanks, I will try that. I was trying to get the create method to have unchecked permission, that should work as well, should it not?
I still have the question of why the unauthenticatedIdentity is not working, when I get principal=null instead of guest in my original post (where the web user is not authenticated and I set the unauthenticatedIdentity to guest). I am also not clear on the difference between 1. the unauthenticatedIdentity option in the authentication policy (login-conf.xml) and 2. the unauthenticated-principal element in the jboss.xml file Neither one of these seem to be doing anything. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3928083#3928083 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3928083 ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user