Believe it or not, #1 seems to be working for me. I have a SecurityDomain annotation in one of my EJBs and one of its methods has no RolesAllowed annotation, and I can call that method in the EJB without authentication. Just a regular NamingContext lookup.
Maybe the AOP joinpoints don't get applied to methods that don't have the RolesAllowed annotation, and so the SecurityDomain is never considered, and so no creds are necessary. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955098#3955098 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3955098 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
