herb [https://community.jboss.org/people/herb] created the discussion "Re: @javax.annotation.security.RolesAllowed on EJBs does not work" To view the discussion, visit: https://community.jboss.org/message/647945#647945 -------------------------------------------------------------- I tried @RolesAllowed("BAD") and also @DenyAll does not work as expected (methods are invoked). I added my simple test.war. Due to I'm a JBoss beginner, maybe I'm missing some basic stuff. Here's the security-domain part of standalone.xml, which is referenced in the war: <security-domain name="formauth" cache-type="default">     <authentication>     <login-module code="UsersRoles" flag="required">         <module-option name="usersProperties" value="defaultUsers.properties"/>         <module-option name="rolesProperties" value="defaultRoles.properties"/>     </login-module>     </authentication> </security-domain> Thanks, herb -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/647945#647945] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]