The secured ejbs must also be secured under the java:/jaas/secured security-domain for this to work. You have added: <security-domain>java:/jaas/secured</security-domain>
to both the jboss-web.xml and jboss.xml descriptors? xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Panagiotis Korros" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 29, 2003 8:08 AM Subject: [JBoss-user] unathenticatedIdentity and JBoss 3.0.4-tomcat 4.x I have a web application with a restricted area and an unrestricted area. The structure is the following: /secure (webapp) /secure/admin/ (secure area accesible only by the admin role) /secure/admin/page1.jsp /secure/page2.jsp (accesible by everyone) page1.jsp and page2.jsp call the same ejb (marked us unchecked). when i call page1.jsp the system authenticates me and then everything works ok. when i call page2.jsp directly without being authenticated first I get the following error: java.lang.RuntimeException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null I used the unauthenticatedIdentity property but nothing changed. Any ideas or solutions about the problem would be very helpful! Korros Panagiotis. my login-config.xml contains: <application-policy name="secure"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy> ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user