Authorization denied for authenticated users when @PermitAll is used on EJB JAX-WS endpoint ------------------------------------------------------------------------------------------- Key: WFLY-3988 URL: https://issues.jboss.org/browse/WFLY-3988 Project: WildFly Issue Type: Bug Components: Web Services Affects Versions: 8.1.0.Final Reporter: Kyle Lape Assignee: Jim Ma Given this endpoint: {code:java} @Stateless @WebService(endpointInterface="com.redhat.gss.SecureEndpoint") @DeclareRoles({"a","b"}) @WebContext(contextRoot="/endpoint",urlPattern="/e",authMethod="BASIC") public class SecureEndpointE implements SecureEndpoint { @RolesAllowed({"a"}) public String a() { return "Success"; } @RolesAllowed({"b"}) public String b() { return "Success"; } @PermitAll public String c() { return "Success"; } } {code} One would expect any authenticated user to be able to invoke {{c()}}, but only users with a role found in {{@DelareRoles}} can invoke it.