I've tried to make a call to a session EJB from an unsiged applet. How-ever, this seems to be impossible.
At first I got the exception
java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo). This is fixed, by removing all client security checks in conf/standardjboss.xml. However, another exception occurs:
access denied (java.io.SerializablePermission enableSubstitution) java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution) at java.security.AccessControlContext.checkPermission(Unknown Source)
permission java.io.SerializablePermission "enableSubstitution";