aravind kopparthi [http://community.jboss.org/people/aravindsk] created the discussion "Re: security in ejb3.1 using jboss 6.0 CR1" To view the discussion, visit: http://community.jboss.org/message/576295#576295 -------------------------------------------------------------- good new and bad news. good news is : below configuration worked and over convention: i removed the @SecureDomain in the code. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss PUBLIC     "-//JBoss//DTD JBOSS 6.0//EN"     " http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd"> <jboss> <security-domain>java:/jaas/javaee6-app</security-domain> </jboss> <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss PUBLIC     "-//JBoss//DTD JBOSS 6.0//EN"     " http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd"> <jboss> <security-domain>java:/jaas/javaee6-app</security-domain> </jboss> i get the expected results when the non-business users calls the business method org.jboss.resteasy.spi.UnhandledException: javax.ejb.EJBAccessException: Caller unauthorized      org.jboss.resteasy.core.SynchronousDispatcher.unwrapException(SynchronousDispatcher.java:329)      org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:305)      org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:198)      org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:174)      org.jboss.resteasy.core.SynchronousDispatcher.getResponse(SynchronousDispatcher.java:518)      org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:480)      org.jboss.resteasy.core.SynchronousDispatcher.invokePropagateNotFound(SynchronousDispatcher.java:139)      org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:211)      org.jboss.resteasy.plugins.server.servlet.FilterDispatcher.doFilter(FilterDispatcher.java:59)      org.jboss.weld.servlet.ConversationPropagationFilter.doFilter(ConversationPropagationFilter.java:67) *root cause* * * bad news is : stateless session bean can not have any extends : please clarify if it is a requirement that slsbs can not extend any classes please advise for any solution to make security work for slsb's that extend class/abstract class -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/576295#576295] Start a new discussion in EJB3 at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&...]