EJB3 container does not honour security annotations --------------------------------------------------- Key: JBAS-6563 URL: https://jira.jboss.org/jira/browse/JBAS-6563 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: Security Affects Versions: JBossAS-4.2.3.GA Environment: Sun OS 5.11 snv_79a, Sun jdk 1.6, JBoss 4.2.3 for JDK 1.6, Eclipse Ganymede Reporter: Karel Gardas Assignee: Anil Saldhana Hello, I'm using the following code as a testcase for EJB3-WS security. package demo; import javax.annotation.security.RolesAllowed; import javax.annotation.security.DenyAll; import javax.ejb.Stateless; import javax.jws.WebService; @WebService @Stateless //@RolesAllowed ("Person") public class HelloBean3 { public HelloBean3() { } @DenyAll public String sayHello() { return "EJB3x: Hello my callee!"; } } unfortunately when it's deployed to the JBoss 4.2.3 AS, it does not deny any requests to sayHello operation, but runs them happily. I'm using web service client developed in Eclipse using Axis: package demo; public class Main { public static void main(String[] args) throws Exception { // TODO Auto-generated method stub HelloBean3ServiceLocator loc = new HelloBean3ServiceLocator(); HelloBean3 hello = loc.getHelloBean3Port(); System.out.println("service tells me: `" + hello.sayHello() + "'"); } } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira