[jboss-user] [Security & JAAS/JBoss] - @RolesAllowed ignored?
jjonphl
do-not-reply at jboss.com
Wed Sep 12 02:16:42 EDT 2007
I am using JBoss 4.2.1.GA. I have the following session bean:
| @RolesAllowed({"authenticated"})
| @Stateless
| @Remote({AccountRDAO.class})
| public class AccountRDAOAction extends RDAOAction
|         implements AccountRDAO, Serializable
| {
|
|     ...
|
| }
I defined the following policy in login-config.xml:
| <application-policy name="mypolicy">
|   <authentication>
|     <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
|                   flag="required">
|       <module-option name="unauthenticatedIdentity">anonymous</module-option>
|       <module-option name="dsJndiName">java:/itranscribe-ds</module-option>
|       <module-option name="principalsQuery">select password from logins where username=?</module-option>
|       <module-option name="rolesQuery">
|         select 'authenticated' as Role, 'Roles' as RoleGroup where length(?) > 0
|       </module-option>
|     </login-module>
|   </authentication>
| </application-policy>
It is driving me nuts why I can still access the methods of the supposedly protected bean. I tried annotating the methods and it is still the same.
Thanks,
M. Manese
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4083279#4083279
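The bean as posted shows no binding to the `mypolicy` application policy, and on JBoss 4.x the EJB3 container applies `@RolesAllowed` only to beans that are tied to a security domain. The following is an added example, not part of the original post, showing such a binding with the JBoss 4.x `@SecurityDomain` annotation; it assumes the missing binding is the cause, which the post does not confirm, and `SecuredProbe`, `SecuredProbeBean`, `whoAmI` and `ping` are hypothetical names.

```java
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.annotation.security.SecurityDomain; // JBoss 4.x EJB3 package

// Hypothetical remote interface for this example. In a real deployment it
// would be public and live in its own file so remote clients can load it.
interface SecuredProbe {
    String whoAmI();
    String ping();
}

@Stateless
@Remote({SecuredProbe.class})
@SecurityDomain("mypolicy")       // must match <application-policy name="..."> in login-config.xml
@RolesAllowed({"authenticated"})  // class-level default for every business method
public class SecuredProbeBean implements SecuredProbe {

    @Resource
    private SessionContext ctx;

    // Inherits the class-level @RolesAllowed. Returning the caller name lets a
    // test client confirm which identity the container authenticated.
    public String whoAmI() {
        return ctx.getCallerPrincipal().getName();
    }

    // Deliberately open method, useful as a control: it should stay reachable
    // while whoAmI() is refused for callers without the role.
    @PermitAll
    public String ping() {
        return "pong";
    }
}
```

A client that calls `whoAmI()` without logging in should be refused while `ping()` still answers. If `whoAmI()` instead returns `anonymous`, the posted `rolesQuery` is worth checking, since it returns the `authenticated` role for any non-empty name.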