After debugging the jboss code, i found that the reason why the servlet is able to invoke the method on bean is because, somehow it is able to get the right role, which is required by the bean.
I put a breakpoint in the OILServerILService at the following line: | case OILConstants.AUTHENTICATE: | result = server.authenticate((String)in.readObject(), (String)in.readObject()); | break; Also, i placed a breakpoint in SecurityManager class: | public String authenticate(String user, String password) throws JMSException The value that gets passed on to the method is the user name and password(in my case "admin","adminPassword"). The role corresponding to "admin" has the privilege to invoke the method on bean. Hence i am able to access the bean. But, my question still remains as to how and where is this username and password obtained, to be passed on to the SecurityManager, since i havent mentioned any of these as parameters to the startup servlet. Can anyone please answer this. I have been trying to figure this out for the past few days. Thank you. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3893192#3893192 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3893192 ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user