I'm having a similar problem. I've got a session bean with some authenticated methods and some unchecked methods. They're correct (as far as I can tell) in ejb-jar.xml:
| <method-permission id="MethodPermission_7">
|    <description><![CDATA[description not supported yet by ejbdoclet]]></description>
|    <unchecked/>
|    <method id="MethodElement_7">
|       <description><![CDATA[]]></description>
|       <ejb-name>ScrumWorksEJB</ejb-name>
|       <method-intf>ServiceEndpoint</method-intf>
|       <method-name>getTest</method-name>
|       <method-params>
|       </method-params>
|    </method>
| </method-permission>
| <method-permission id="MethodPermission_8">
|    <description><![CDATA[description not supported yet by ejbdoclet]]></description>
|    <role-name>Team Member</role-name>
|    <method id="MethodElement_8">
|       <description><![CDATA[]]></description>
|       <ejb-name>ScrumWorksEJB</ejb-name>
|       <method-intf>ServiceEndpoint</method-intf>
|       <method-name>getAuthenticatedTest</method-name>
|       <method-params>
|       </method-params>
|    </method>
| </method-permission>

This is in the jboss.xml:

| <security-domain>java:/jaas/ScrumWorks</security-domain>
| <unauthenticated-principal>guest</unauthenticated-principal>

and my login-config.xml seems correct:

| <application-policy name="ScrumWorks">
|    <authentication>
|       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
|          <module-option name="dsJndiName">java:/jdbc/ScrumWorksDS</module-option>
|          <module-option name="principalsQuery">
|             SELECT password FROM userejb WHERE userName=?
|          </module-option>
|          <module-option name="rolesQuery">
|             SELECT r.roleName as name, 'Roles'
|             FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
|             WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND u.userName=?
|          </module-option>
|          <module-option name="unauthenticatedIdentity">guest</module-option>
|       </login-module>
|    </authentication>
| </application-policy>

But when I try to call a method that is marked as "unchecked", I get a 401 error authorization failure.
This seemed like a Tomcat error, so I tried changing the default security domain:

| <attribute name="DefaultSecurityDomain">java:/jaas/ScrumWorks</attribute>

which didn't help either. The server.log file contains:

| 2006-03-07 10:32:24,027 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
| 2006-03-07 10:32:24,028 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest' authenticated, loginOk=true
| 2006-03-07 10:32:24,028 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
| 2006-03-07 10:32:24,028 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: SELECT r.roleName as name, 'Roles'
| FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
| WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND u.userName=?, username: guest
| 2006-03-07 10:32:24,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
| 2006-03-07 10:32:24,041 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: SELECT r.roleName as name, 'Roles'
| FROM userejb u, roleejb r, userejb_roles_roleejb_users ur
| WHERE u.userId=ur.userejb AND r.roleId=ur.roleejb AND u.userName=?, with username: guest
| 2006-03-07 10:32:24,085 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] No roles found
| 2006-03-07 10:32:24,086 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
| 2006-03-07 10:32:24,088 TRACE [org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] defaultLogin, [EMAIL PROTECTED], subject=Subject(19164996).principals=org.jboss.securi
| [EMAIL PROTECTED](guest)[EMAIL PROTECTED](Roles(members))
| 2006-03-07 10:32:24,088 TRACE [org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] updateCache, inputSubject=Subject(19164996)[EMAIL PROTECTED](guest)org.jboss.se
| [EMAIL PROTECTED](Roles(members)), cacheSubject=Subject(17103032)[EMAIL PROTECTED](guest)[EMAIL PROTECTED](Roles(members))
| 2006-03-07 10:32:24,089 TRACE [org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] Inserted cache info: [EMAIL PROTECTED](17103032).principals=o
| [EMAIL PROTECTED](guest)[EMAIL PROTECTED](Roles(members)),credential.class=null,expirationTime=1141758128525]
| 2006-03-07 10:32:24,089 TRACE [org.jboss.security.plugins.JaasSecurityManager.ScrumWorks] End isValid, true
| 2006-03-07 10:32:24,097 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
| Principal: guest
| Principal: Roles(members)
| , [EMAIL PROTECTED],subject=31392528}
| 2006-03-07 10:32:24,100 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-03-07 10:32:24,122 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
| 2006-03-07 10:32:24,122 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=31392528}
| 2006-03-07 10:32:24,142 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null

and

| 2006-03-07 11:00:27,241 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /scrumworks-api/scrumworks
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[ScrumWorksEndpoint]' against POST /scrumworks --> true
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[ScrumWorksEndpoint]' against POST /scrumworks --> true
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
| 2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
| 2006-03-07 11:00:27,242 TRACE [org.jboss.security.SecurityAssociation] clear, server=true

It seems to be ok with the unauthenticatedIdentity, but then rejects access anyway. Any help someone could provide would be great. I've read the FAQs and searched forums and Google and can't seem to let me call non-authenticated methods without authenticating.

Thanks,
Eric
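
Added example, not part of the original post: a short Python triage of the two server.log excerpts above that separates what the JAAS login module decided from what the Tomcat authenticator decided. The sample lines are copied from the post; `triage` and its result keys are hypothetical names chosen for this sketch.

```python
import re

# Sample lines copied from the server.log excerpts in the post.
SAMPLE_LOG = """\
2006-03-07 10:32:24,027 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=guest
2006-03-07 10:32:24,028 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'guest' authenticated, loginOk=true
2006-03-07 10:32:24,085 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] No roles found
2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[ScrumWorksEndpoint]' against POST /scrumworks --> true
2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2006-03-07 11:00:27,242 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
"""

# timestamp, level, [logger], message
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} \w+\s+\[([\w.$]+)\] (.*)$")
CONSTRAINT = re.compile(r"Checking constraint '(.+)' against (\w+) (\S+) --> (true|false)")

def triage(log_text):
    """Summarise which security layer accepted or rejected the caller."""
    result = {"jaas_login_ok": None, "jaas_roles_found": None,
              "matched_constraints": [], "web_auth_failed": False,
              "rejected_by": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines (multi-line SQL) have no logger prefix
        logger, msg = m.groups()
        if logger.endswith("DatabaseServerLoginModule"):
            if "loginOk=" in msg:
                result["jaas_login_ok"] = msg.rstrip().endswith("loginOk=true")
            elif msg.startswith("No roles found"):
                result["jaas_roles_found"] = False
        elif logger.startswith("org.apache.catalina."):
            c = CONSTRAINT.search(msg)
            if c and c.group(4) == "true":
                entry = (c.group(1), c.group(2), c.group(3))
                if entry not in result["matched_constraints"]:
                    result["matched_constraints"].append(entry)
            elif msg.startswith("Failed authenticate() test"):
                result["web_auth_failed"] = True
    if result["web_auth_failed"]:
        result["rejected_by"] = "web-tier authenticator"
    elif result["jaas_login_ok"] is False:
        result["rejected_by"] = "JAAS login module"
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted excerpt it reports that the guest login succeeded in the login module with no roles returned, and that the failure was logged by the web-tier authenticator after `SecurityConstraint[ScrumWorksEndpoint]` matched the POST.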