Container-provided security role "**" (EJB 3.2) not working ----------------------------------------------------------- Key: SECURITY-878 URL: https://issues.jboss.org/browse/SECURITY-878 Project: PicketBox Issue Type: Bug Affects Versions: PicketBox_4_0_21.Final Reporter: Jan Martiska Assignee: Stuart Douglas EJB 3.2 12.3.1 Security Roles: {quote} A security role with the name “**” is defined by the Container, and is intended to be used by the Bean Provider, Application Assembler, or Deployer to indicate that the caller must log on or authenticate to invoke a method or to perform some processing requiring membership in this container role. This con- tainer security role indicates that authentication, without consideration of role membership, is required. {quote} This doesn't seem to work in WildFly 9.0.0.Beta1. An authenticated user trying to invoke methods annotated @PermitAll("**") gets an EJBAccessException. I started preparing tests for this behavior at https://github.com/jmartisk/wildfly/commits/master-ejb32tests-starrole It causes failures in: InherritanceAnnSFSBTestCase.testSingleMethodAnnotationsUser1 InherritanceAnnSLSBTestCase.testSingleMethodAnnotationsUser1 InjectionAnnSFSBtoSFSBTestCase.testSingleMethodAnnotationsUser1 InjectionAnnSFSBtoSLSBTestCase.testSingleMethodAnnotationsUser1 InjectionAnnSLSBtoSFSBTestCase.testSingleMethodAnnotationsUser1 InjectionAnnSLSBtoSLSBTestCase.testSingleMethodAnnotationsUser1 SingleMethodsAnnSFSBTestCase.testSingleMethodAnnotationsUser1 SingleMethodsAnnSLSBTestCase.testSingleMethodAnnotationsUser1