0 Replies Latest reply on Sep 19, 2008 12:23 PM by Michael Remijan

    Please help, cannot get @RolesAllowed to work.

    Michael Remijan Newbie

      I am trying to get @RolesAllowed to work but despite setting a user which does NOT have the role "JournalAccountLogin" the web service method is allowed to be called anyway. See below for what I have configured. From the client I use a user which has the role "Journal JWS" so I can get past the <security-constraints> definition in the web.xml, however this user does NOT have the "JournalAccountLogin" role so when I try to call the login(...) method I was expecting the call to not work but it does. Can anyone help with this?


       public Account login(...) { ... }

      FILE web.xml
       <display-name>secure and confidential</display-name>
       <description>Only Journal JWS role has access</description>
       <role-name>Journal JWS</role-name>
       <description>Only HTTPS</description>