André Simões [http://community.jboss.org/people/asimoes] created the discussion
"Security question about DatabaseServerLoginModule and SOAPFaultException"
To view the discussion, visit:
http://community.jboss.org/message/567219#567219
--------------------------------------------------------------
Hi.
I want to know how I can solve the SOAPFaultException error that JBoss sends when a valid
user tries to access a role that does not belong to it.
Example of the code that raises the exception with a C# client:
@WebContext(contextRoot = "/HeComm", transportGuarantee = "NONE",
        authMethod = "BASIC", secureWSDLAccess = false)
@SecurityDomain("DBLogin")
@PermitAll
@RolesAllowed({"admin", "ws"})
public class WebSecurityBean implements WebSecurity {

    @WebMethod
    @RolesAllowed({"admin"})
    public String echoForAdministrator(String str) {
        checkPrincipal();
        log.debug(str);
        return str;
    }

    @WebMethod
    @PermitAll
    public String echoForAll(String str) {
        checkPrincipal();
        log.debug(str);
        return str;
    }

    @WebMethod
    @DenyAll
    public String echoForNobody(String str) {
        checkPrincipal();
        log.debug(str);
        return str;
    }

    @WebMethod
    @RolesAllowed({"ws"})
    public String echoForUser(String str) {
        checkPrincipal();
        log.debug(str);
        return str;
    }

    @WebMethod
    @RolesAllowed({"ManageUsers"})
    public String echoForManageUsers(String str) {
        checkPrincipal();
        log.debug(str);
        return str;
    }
}
If my C# client has an invalid user or password, JBoss sends a message saying so.
If my C# client has a valid user and password, JBoss throws an exception in methods that are
not allowed for my user role.
My user has the role "ws", and if I call the method echoForAdministrator,
echoForNobody or echoForManageUsers I get an exception that starts like this:
ERROR [SOAPFaultHelperJAXWS] SOAP request exception
javax.ejb.EJBAccessException: Caller unauthorized
    at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
    . . . .
In C# I get an exception, which is OK: the user is not allowed to use this method. But why
does JBoss receive an error exception from SOAP?
Can I do something to eliminate this exception?
I'm using JBoss 5.10 and authentication on an Oracle DB.
--------------------------------------------------------------