I did a little source code searching and found that the exception is thrown by the org.jboss.ejb.plugins.SecurityInterceptor.
The exact piece of code that fails is | // Check if the caller is allowed to access the method | if (methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL) == false) | { | // The caller is using a the caller identity | if (callerRunAsIdentity == null) | { | // Now actually check if the current caller has one of the required method roles | if (realmMapping.doesUserHaveRole(principal, methodRoles) == false) | { | Set userRoles = realmMapping.getUserRoles(principal); | String method = mi.getMethod().getName(); | BeanMetaData beanMetaData = container.getBeanMetaData(); | String msg = "Insufficient method permissions, principal=" + principal | + ", ejbName=" + beanMetaData.getEjbName() | + ", method=" + method + ", interface=" + iface | + ", requiredRoles=" + methodRoles + ", principalRoles=" + userRoles; | SecurityException e = new SecurityException(msg); | throw e; | } | } | I was unable to debug any further as RealmMapping is an interface and am not sure which Impl class is actually working durign runtime. Also what baffles me most is that the exception indicates that I am not in role but the message in the exception clearly shows that I am indeed in the role. Any pointers? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3888125#3888125 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3888125 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user