1 Reply Latest reply on Oct 24, 2008 9:00 AM by jej2003

@PermitAll and UnauthenticatedIdentity

jej2003 Oct 24, 2008 8:58 AM

The Java Docs for PermitAll say the following

Specifies that all security roles are allowed to invoke the specified method(s) i.e that the specified method(s) are "unchecked". It can be specified on a class or on methods. Specifying it on the class means that it applies to all methods of the class. If specified at the method level, it only affects that method. If the RolesAllowed is specified at the class level and this annotation is applied at the method level, the PermitAll annotation overrides the RolesAllowed for the specified method.

After reading this I had assumed that by having an unauthenticatedIdentity set up in my login-config.xml file for the appropriate JAAS Domain anyone would be able to access that particular method. This does not seem to be the case though. In short what needs to be done to allow an unauthenticated user to be able to invoke a method on an EJB that is secureded by a JAAS domain?

1. Re: @PermitAll and UnauthenticatedIdentity

jej2003 Oct 24, 2008 9:00 AM (in response to jej2003)

Ok, it made a liar out of me and just worked. I guess I had something screwy when doing the hot deploy...simple jboss restart fixed it.
Actions