View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3821533#3821533


I have an EJB method "M1" that runs as role "A"; this method calls another EJB method 
"M2" that requires role "B".

I have set an unauthenticatedIdentity in the login-config.xml to user "MyUser" and set 
roles for this user to "A" and "B" (in the user and role properties).

But when the first method (M1) tries to call method M2, an exception occurs.



java.lang.SecurityException: Insufficient method permissions, runAsRole=A, 
method=create, interface=HOME, requiredRoles=[B]



I have checked the user retrieved using getCallerPrincipal and it is correct: the 
response is "MyUser", the same as set in unauthenticatedIdentity.

What is happening? Or how does unauthenticatedIdentity work?

Any workaround?

Also, I have tried to set a non-existing user as unauthenticatedIdentity... and, 
surprise, this user is used but the same exception occurs.

So I think that with unauthenticatedIdentity JBoss doesn't retrieve roles, but uses only 
the role in the Run-As clause.



Ty 


_______________________________________________
JBoss-user mailing list