[jboss-user] [JBoss Web Services] - Re: JBoss not honoring @PermitAll on EJB3 Endpoint

abhi0123 do-not-reply at jboss.com
Thu Apr 12 22:29:43 EDT 2012

abhi0123 [https://community.jboss.org/people/abhi0123] created the discussion

"Re: JBoss not honoring @PermitAll on EJB3 Endpoint"

To view the discussion, visit: https://community.jboss.org/message/729752#729752

I was slightly wrong. Apparently @PermitAll means all unauthorized, not all unauthenticated. It'd require a valid user but would accept any role. On the other hand, an unannotated method should allow unauthenticated access which isn't happening. Attached is a test project that demonstrates the problem. It depends on a remote JBoss AS 7 instance with the following users-*.properties files:

Abhijit$ tail -5 application-users.properties 
1. is for illustration only and does not correspond to a usable password.

Abhijit$ tail -5 application-roles.properties 

Reply to this message by going to Community

Start a new discussion in JBoss Web Services at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120412/296a3ace/attachment-0001.html 

More information about the jboss-user mailing list