aravind kopparthi [http://community.jboss.org/people/aravindsk] created the discussion
"Re: security in ejb3.1 using jboss 6.0 CR1"
To view the discussion, visit:
http://community.jboss.org/message/575244#575244
--------------------------------------------------------------
Here is the log that I got (when I enabled debug).
I logged in as admin, expecting that I will get a permission denied when calling getMembers()
in the SLSB, since it is annotated as @RolesAllowed("businessowner").
user=admin
roles=HttpInvoker,JBossAdmin,WebAppUser
REST/WEB-REQUEST
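import java.util.List;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

@Path("/members")
@RequestScoped
public class MemberRESTService
{
    @EJB
    private SLSBProcessBean memberBean;

    // Delegates to the EJB; no role check is declared on this resource method.
    @GET
    @Produces(MediaType.APPLICATION_XML)
    public List<Member> findMember() {
        return memberBean.getMembers();
    }
}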
-----------EJB----------
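import java.util.List;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
public class SLSBProcessBean {
    // Intended: only callers in the "businessowner" role may invoke this method.
    @RolesAllowed("businessowner")
    public List getMembers()
    {
        // Business Logic
        return members;
    }
}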
config
META-INF/Jboss.xml
<jboss>
<security-domain>java:/jaas/myapp-secure-domain</security-domain>
</jboss>
WEB-INF/jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/myapp-secure-domain </security-domain>
</jboss-web>
-----------LOG----------
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /javaee6-app/rest/members
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] We have cached auth type FORM for principal GenericPrincipal[admin(HttpInvoker,JBossAdmin,WebAppUser,)]
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[All resources]' against GET /rest/members--> false
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
11:44:16,109 DEBUG [org.jboss.resteasy.core.SynchronousDispatcher] PathInfo: members
11:44:16,109 DEBUG [org.jboss.resteasy.cdi.CdiConstructorInjector] Beans found for class com.sak.home.service.rest.MemberRESTService : [Managed Bean [class com.sak.home.service.rest.MemberRESTService] with qualifiers [@Any @Default @Exact]]
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver] Resolving reference for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] in org.jboss.metadata.ejb.jboss.JBossMetaData@1f
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver] Found match in EJB SLSBProcessBean for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null']
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver] Found specified beanInterface that is not a direct beanInterface of EJB SLSBProcessBean: com.sak.home.process.SLSBProcessBean
11:44:16,109 DEBUG [org.jboss.metadata.ejb.jboss.jndi.resolver.impl.JNDIPolicyBasedSessionBeanJNDINameResolver] Resolved JNDI Name for Interface com.sak.home.process.SLSBProcessBean of type NO_INTERFACE is SLSBProcessBean/no-interface
11:44:16,109 DEBUG [org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver] Resolved JNDI Name for [EJB Reference: beanInterface 'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] of EJB SLSBProcessBean: SLSBProcessBean/no-interface
--------------------------------------------------------------
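As an added example (not part of the original post and not JBoss code), this Python script reads the Catalina DEBUG lines from the log above and reports, per request, the caller's roles and whether the web tier applied any security constraint. The function name `web_tier_summary` and the result keys are assumptions made for this example; the sample lines are the post's own log with the e-mail wrapping undone.

```python
import re

# Log lines copied from the post above (e-mail wrapping undone, bold markers dropped).
SAMPLE_LOG = """\
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /javaee6-app/rest/members
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] We have cached auth type FORM for principal GenericPrincipal[admin(HttpInvoker,JBossAdmin,WebAppUser,)]
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[All resources]' against GET /rest/members--> false
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
11:44:16,109 DEBUG [org.jboss.resteasy.core.SynchronousDispatcher] PathInfo: members
"""

REQUEST = re.compile(r"Security checking request (\S+) (\S+)")
PRINCIPAL = re.compile(r"GenericPrincipal\[(\w+)\(([^)]*)\)\]")
CONSTRAINT = re.compile(r"Checking constraint '(.+?)' against \S+ \S+?\s*--> (true|false)")


def web_tier_summary(log, required_role):
    """Per request: who called, with which roles, and what the web tier decided."""
    requests, cur = [], None
    for line in log.splitlines():
        m = REQUEST.search(line)
        if m:
            cur = {"request": f"{m.group(1)} {m.group(2)}", "user": None, "roles": set(),
                   "matched_constraints": [], "unconstrained": False}
            requests.append(cur)
            continue
        if cur is None:
            continue  # line precedes the first request seen in this log
        m = PRINCIPAL.search(line)
        if m:
            cur["user"] = m.group(1)
            cur["roles"] = {r for r in m.group(2).split(",") if r}
        m = CONSTRAINT.search(line)
        if m and m.group(2) == "true":
            cur["matched_constraints"].append(m.group(1))
        if "Not subject to any constraint" in line:
            cur["unconstrained"] = True
    for r in requests:
        r["has_required_role"] = required_role in r["roles"]
        # The web tier checked no roles and the caller lacks the role, so only
        # the EJB container's @RolesAllowed check is left to refuse the call.
        r["relies_on_ejb_check"] = r["unconstrained"] and not r["has_required_role"]
    return requests


if __name__ == "__main__":
    for r in web_tier_summary(SAMPLE_LOG, "businessowner"):
        print(r)
```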