My EJB looks like this: @RolesAllowed({"user", "admin"}) | public String echoUser(String src) { | log.debug("echoUser called with source string " + src); | return "Echo User: " + src; | } | | /* (non-Javadoc) | * @see com.csp.ejb.echo.EchoBeanInterface#echoAdmin(java.lang.String) | */ | @RolesAllowed({"admin"}) | public String echoAdmin(String src) { | log.debug("echoAdmin called with source string " + src); | return "Echo Admin: " + src; | } | | /* (non-Javadoc) | * @see com.csp.ejb.echo.EchoBeanInterface#echoAll(java.lang.String) | */ | @PermitAll | public String echoAll(String src) { | log.debug("echoAll called with source string " + src); | return "Echo All: " + src; | } my login-config file is very simple and looks like <application-policy name="test"> | <authentication> | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> | <module-option name="unauthenticatedIdentity">guest</module-option> | <module-option name="usersProperties">props/axle-users.properties</module-option> | <module-option name="rolesProperties">props/axle-roles.properties</module-option> | </login-module> | </authentication> | </application-policy> | The application works fine if I login as a user or admin and try to use the echo functions, but if I do not login I can't call the echoAll method. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4184866#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...