Do You set a security-domain in jboss.xml ? Look at the article http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html
Annegret -----Ursprüngliche Nachricht----- Von: Dhruva B. Reddy [mailto:[EMAIL PROTECTED]] Gesendet: Dienstag, 15. Januar 2002 19:01 An: JBoss Users Mailing List Betreff: [JBoss-user] Not getting SecurityExceptions as expected I am running the JBoss 2.4.4/Tomcat 4.0.1 integrated package, and I have configured method permissions for my session beans. I access them with a client that does not make any attempt to go through authentication. I have the following in my ejb-jar.xml file: <security-role> <description>Employees</description> <role-name>employee</role-name> </security-role> <security-role> <description>Everyone</description> <role-name>everybody</role-name> </security-role> <method-permission> <role-name>employee</role-name> <method> <ejb-name>Catalog</ejb-name> <method-name>*</method-name> </method> </method-permission> <method-permission> <role-name>everybody</role-name> <method> <ejb-name>ShoppingCart</ejb-name> <method-name>*</method-name> </method> </method-permission> Catalog is a stateless session bean, and ShoppingCart is a stateful session bean. Since the application does not know which role the client is running under, I would expect a security exception when I call a method on either of these beans. However, everything executes normally. This is all I was able to get out of the documentation. Am I missing something else? Thanks, Dhruva _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user