From what i see in the EJB2.x code, this WARN message is printed if the bean is unsecured (i.e. you do not have any security-domain or restrictions on the roles that can access the bean method). I don't know why it should be logged as a WARN, since securing EJBs is optional.
I have same issue as above, but I configed "<security-domain>java:/jaas/lrs</security-domain>" in conf/standardjboss.xml, which by means should be default config to all my ejb2 jar, so why still not work?
BTW which works under jboss 4, I can see the security related JNDI in the jmx-console. but in jboss 5, only work if I add "<security-domain>java:/jaas/lrs</security-domain>" to jboss.xml under ejb2 jar's META-INF folder
The security-domain element specifies the JNDI name of the security
manager that implements the EJBSecurityManager and RealmMapping for
the domain. When specified at the jboss level it specifies the security
domain for all j2ee components in the deployment unit.
One can override the global security-domain at the container
level using the security-domain element at the container-configuration
Used in: jboss, container-configuration
Message was edited by: Bond Chan
So in jboss 4(EAP 4.3 or 4.2.3GA) security-domain config in standard-jboss.xml can be default for all applications in the same JVM? whilst in jboss 5(EAP 5.1.2 or 5.1.0.GA) need config security-domain inside the each application explicitely?