[jboss-user] [JBoss Web Services] - Re: JBoss not honoring @PermitAll on EJB3 Endpoint

abhi0123 do-not-reply at jboss.com
Thu Apr 12 22:29:43 EDT 2012


abhi0123 [https://community.jboss.org/people/abhi0123] created the discussion

"Re: JBoss not honoring @PermitAll on EJB3 Endpoint"

To view the discussion, visit: https://community.jboss.org/message/729752#729752

--------------------------------------------------------------
I was slightly wrong. Apparently @PermitAll means all unauthorized, not all unauthenticated. It'd require a valid user but would accept any role. On the other hand, an unannotated method should allow unauthenticated access which isn't happening. Attached is a test project that demonstrates the problem. It depends on a remote JBoss AS 7 instance with the following users-*.properties files:


Abhijit$ tail -5 application-users.properties 
# is for illustration only and does not correspond to a usable password.
#
#admin=2a0923285184943425d1f53ddd58ec7a
user=8544a03c79aee5b1c99458d83ee0f9e0
guest=1bb6b7c18b5c1dab17f5141fa398905a



Abhijit$ tail -5 application-roles.properties 
#
#admin=PowerUser,BillingAdmin,
#guest=guest
user=AppUser
guest=AppGuest
--------------------------------------------------------------
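
An added example, not part of the original post: a small Python check that parses the two listings above, confirms the commented-out `admin` entries are inactive, and cross-references each active user against its roles. The function names are hypothetical, and the parser handles only the simple `key=value` and comment lines shown here, not the full Java properties syntax.

```python
import re

# Sample input taken from the two `tail -5` listings in the post.
USERS_TEXT = """\
# is for illustration only and does not correspond to a usable password.
#
#admin=2a0923285184943425d1f53ddd58ec7a
user=8544a03c79aee5b1c99458d83ee0f9e0
guest=1bb6b7c18b5c1dab17f5141fa398905a
"""
ROLES_TEXT = """\
#
#admin=PowerUser,BillingAdmin,
#guest=guest
user=AppUser
guest=AppGuest
"""

# Shape of the values shown in the users listing: 32 lowercase hex characters.
HEX_DIGEST = re.compile(r"[0-9a-f]{32}")


def parse_properties(text):
    """Return {key: value} for active lines; '#' and '!' lines are comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries


def audit(users_text, roles_text):
    """Cross-check the users file against the roles file and return findings."""
    users = parse_properties(users_text)
    # Role lists are comma-separated; a trailing comma yields no empty role.
    roles = {u: [r.strip() for r in v.split(",") if r.strip()]
             for u, v in parse_properties(roles_text).items()}
    return {
        "roles_by_user": {u: roles.get(u, []) for u in users},
        "bad_digest": sorted(u for u, h in users.items() if not HEX_DIGEST.fullmatch(h)),
        "users_without_roles": sorted(u for u in users if not roles.get(u)),
        "roles_without_user": sorted(u for u in roles if u not in users),
    }


if __name__ == "__main__":
    for name, value in audit(USERS_TEXT, ROLES_TEXT).items():
        print(f"{name}: {value}")
```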
