1 of 1 people found this helpful
I think you have to use @RolesAllowed(...) or @PermitAll on the init() method of your EJB.
Also, you have to define a security domain (which is "other" by default) in jboss-ejb.xml (or WEB-INF/jboss-web.xml for the webapp part)
yes it looks like the jboss-ejb3.xml file was missing in my EJB module. After I added the jboss-ejb3.xml with the following content my application works!
<?xml version="1.1" encoding="UTF-8"?>
I am not sure if the run-as-principal is necessary here.?
But thanks for your hint!
I don't think the "s:run-as-principal" is necessary for your case (it means your EJBs will run with a principal called "manfred")
This is the missing-method-permissions-deny-access which is important here: by default it is set to true, and this prevents access
to methods of a secured EJB which have no explicit security configuration (equivalent to an hidden @DenyAll annotation)
Thanks for help!