2 Replies Latest reply on Nov 25, 2010 5:00 AM by Sergei Makarov

    JBoss 4.2.1: How to propagate authorization from web to EJB

    Sergei Makarov Newbie

      Hello!

       

      I'm using JBoss 4.2.1 and I have multitier application. In web part I'm using container-based authorization (web.xml, login form). In EJB part I'm using container-based authorization too with @RolesAllowed annotation. Ok. When I login into application I get all my principal/roles. But if somebody else login after me - he get my principal and roles in secured methods. In unsecure methods he get own principal/roles.

       

      Help please.