[jboss-user] [Beginner's Corner] - Role check is not executed

mwx.dennis do-not-reply at jboss.com
Tue Oct 20 10:31:20 EDT 2009

I'm getting started with security stuff and have a very basic question concerning authorization.

In my stateless session bean, deployed in a JBoss AS 5.1.0, I marked a business method with @DenyAll to see how security prevents me from calling this method. I did not change the security setup, i.e. did not modify the login-config.xml.

My problem is, the method is executed as if there was no @DenyAll annotation. I also tried to put it in the remote interface and tried @RolesAllowed(..) too. Is this correct behavior? I would have expected the container to block these calls. What do I have to do to make it work?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4261280#4261280

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4261280

More information about the jboss-user mailing list