I have a secured EJB3 @Service bean as follows:
| @Service
| @Management(MyClassInterfaceManagement.class)
| @Local(MyClassInterface.class)
| @SecurityDomain("myrealm")
| @RolesAllowed( {
| "admin", "system"
| })
| @RunAs("system")
| public class MyClass implements MyClassInterface, MyClassInterfaceManagement
| { ... }
|
|
I have the proper things set up in my login-conf.xml file, but when I deploy this class, I get an exception stating:
| 21:11:05,887 WARN [ServiceController] Problem creating service jboss.j2ee:ear=MyEar.ear,jar=MyJar.jar,name=MyClass,service=EJB3,type=ManagementInterface
| javax.ejb.EJBAccessException: Authorization failure
| at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptor.invoke(RoleBasedAuthorizationInterceptor.java:113)
|
What's weird is that I can comment out the "@SecurityDomain("mydomain")" annotation, and I don't receive the exception when I start the server, and everything works fine. This seems like a bug, although I'm not sure. Any idea what is going on?

My assumption is that by commenting out the @SecurityDomain annotation, the Management/Service is defaulting to the security domain specified in my jboss-app.xml file in my ear, which says:
|
| <jboss-app>
| <security-domain>myrealm</security-domain>
| .....
| </jboss-app>
|
|
The applicable login-conf.xml snippets are below. Thoughts?
|
| <application-policy name = "myrealm">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
| <module-option name = "dsJndiName">java:/myDS</module-option>
| <module-option name = "principalsQuery">select PASSWORD from SYSTEM_USER where USER_ID=?</module-option>
| <module-option name = "rolesQuery">select SYSTEM_USER_ROLE.ROLE_NAME, 'Roles' from SYSTEM_USER_ROLE, SYSTEM_USER_SYSTEM_USER_ROLE, SYSTEM_USER where ((SYSTEM_USER_SYSTEM_USER_ROLE.ROLES_ID = SYSTEM_USER_ROLE.ID) and (SYSTEM_USER_SYSTEM_USER_ROLE.USERS_ID = SYSTEM_USER.ID) AND (SYSTEM_USER.USER_ID = ?))
| </module-option>
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| </login-module>
| <!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
| <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
| </authentication>
|
| <application-policy name = "other">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
| <module-option name = "dsJndiName">java:/myDS</module-option>
| <module-option name = "principalsQuery">select PASSWORD from SYSTEM_USER where USER_ID=?</module-option>
| <module-option name = "rolesQuery">select SYSTEM_USER_ROLE.ROLE_NAME, 'Roles' from SYSTEM_USER_ROLE, SYSTEM_USER_SYSTEM_USER_ROLE, SYSTEM_USER where ((SYSTEM_USER_SYSTEM_USER_ROLE.ROLES_ID = SYSTEM_USER_ROLE.ID) and (SYSTEM_USER_SYSTEM_USER_ROLE.USERS_ID = SYSTEM_USER.ID) AND (SYSTEM_USER.USER_ID = ?))
| </module-option>
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| </login-module>
| </authentication>
|
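Added example, not part of the original post: the post names a security domain in three places (the @SecurityDomain annotation, jboss-app.xml, and the application-policy entries of the login configuration), and this Python check reports any referenced name that has no matching application-policy. The function names are hypothetical, the inputs are constructed from the snippets above, and stripping a leading `java:/jaas/` prefix is a generalization for configurations that write the domain in JNDI form.

```python
import re
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"  # JNDI form of a security-domain name

def policy_names(login_config_xml):
    """Names of all <application-policy> entries in a login config document."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}

def annotated_domains(java_source):
    """Values of every @SecurityDomain("...") annotation in a Java source string."""
    return re.findall(r'@SecurityDomain\(\s*"([^"]+)"\s*\)', java_source)

def ear_domain(jboss_app_xml):
    """The <security-domain> value from jboss-app.xml, or None if absent."""
    node = ET.fromstring(jboss_app_xml).find("security-domain")
    return node.text.strip() if node is not None and node.text else None

def unresolved_domains(java_source, jboss_app_xml, login_config_xml):
    """Return (where, name) for each referenced domain with no matching policy."""
    policies = policy_names(login_config_xml)
    refs = [("@SecurityDomain", d) for d in annotated_domains(java_source)]
    ear = ear_domain(jboss_app_xml)
    if ear:
        refs.append(("jboss-app.xml", ear))
    missing = []
    for where, name in refs:
        short = name[len(JAAS_PREFIX):] if name.startswith(JAAS_PREFIX) else name
        if short not in policies:
            missing.append((where, name))
    return missing

# Constructed inputs modelled on the snippets in the post (not the real files).
LOGIN_CONFIG = """<policy>
  <application-policy name="myrealm"><authentication/></application-policy>
  <application-policy name="other"><authentication/></application-policy>
</policy>"""
JBOSS_APP = "<jboss-app><security-domain>myrealm</security-domain></jboss-app>"
BEAN_MATCH = '@Service\n@SecurityDomain("myrealm")\npublic class MyClass {}'
BEAN_MISMATCH = '@Service\n@SecurityDomain("mydomain")\npublic class MyClass {}'

if __name__ == "__main__":
    for label, src in (("myrealm", BEAN_MATCH), ("mydomain", BEAN_MISMATCH)):
        print(label, unresolved_domains(src, JBOSS_APP, LOGIN_CONFIG))
```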