1 Reply Latest reply on Nov 17, 2006 11:50 AM by kingkong1976

    security-domain problem

    kingkong1976

      hi

      i have configured a security domain successfully. in some session beans i have declared:
      @RolesAllowed({"Operator", "ServiceAdministrator"})

      in another session bean i don't have declared any Roles. but still if i'm tryin to access them (using the local home interface in a web application) with an anonymous session i get an Authentication failure. if i'm logged in as Operator or ServiceAdministrator everthing works fine.

      how do i configure my session beans that they will allow anonymous access?

      any help is appreciated.

      thanks daniel



        • 1. security-domain problem...
          kingkong1976

          hi

          by the way, i have forgot to mention, that the bean i would like to access anonymously is declared with @PermitAll.

          in the mean time i have found out, that not the bean itself is the problem. the jndi lookup already try's to authenticate.

          i have tried with this two initial context factorys
          - org.jboss.security.jndi.JndiLoginInitialContextFactory
          - org.jnp.interfaces.NamingContextFactory
          but it is not working.

          i have now a workaround implemented for the anonymous user:

          1. i have set up an user account "anonymous" which belons to role "anonymous"
          2. added the user anonymous to the enviroment for creating the initial context
          3. created a special serviceloctar as non singelton, otherwise only the first request is succesfull...

          that's it. not a really nice solution.

          if anyone has a better solution, please let me know by sending an email -> thekingATbluemailDOTch (as the "Notify me when a reply is posted" is not really working :-( )

          thanks daniel