I have a web application with a restricted area and an unrestricted area. The structure is the following:
/secure (webapp) /secure/admin/ (secure area accesible only by the admin role) /secure/admin/page1.jsp /secure/page2.jsp (accesible by everyone) page1.jsp and page2.jsp call the same ejb (marked us unchecked). when i call page1.jsp the system authenticates me and then everything works ok. when i call page2.jsp directly without being authenticated first I get the following error: java.lang.RuntimeException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null I used the unauthenticatedIdentity property but nothing changed. Any ideas or solutions about the problem would be very helpful! Korros Panagiotis. my login-config.xml contains: <application-policy name="secure"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy> ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user