[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

Hi, your code seems correct. As we both don't know whether it will work with an Interceptor, I would advice you to make some test: call a servlet and try to perform your login action inside this. If this works, the problems might be a result of some Interceptor problem. If it works not with the servlet, the error lies probably in your security config. I see that you use username and password to perform the LDAP login. Why not using e.g. form based authentication according to the servlet spec (by declaring a range of secured pages in "web.xml")? JBoss provides a login module against LDAP. You might read e.g. this (shows all the steps required to secure a web app): http://www.developer.com/security/article.php/3077421/Introduction-to-Sec... or this (details about the JBoss LDAP login module): http://www.jboss.org/community/wiki/LdapLoginModule Hope this helps Wolfgang View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259159#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...