From what i see in the EJB2.x code, this WARN message is printed if the bean is unsecured (i.e. you do not have any security-domain or restrictions on the roles that can access the bean method). I don't know why it should be logged as a WARN, since securing EJBs is optional.

Hi Jaikiran,

I have same issue as above, but I configed "<security-domain>java:/jaas/lrs</security-domain>" in conf/standardjboss.xml, which by means should be default config to all my ejb2 jar, so why still not work?

BTW which works under jboss 4, I can see the security related JNDI in the jmx-console. but in jboss 5, only work if I add "<security-domain>java:/jaas/lrs</security-domain>"  to jboss.xml under ejb2 jar's META-INF folder

<!--

  The security-domain element specifies the JNDI name of the security

  manager that implements the EJBSecurityManager and RealmMapping for

  the domain. When specified at the jboss level it specifies the security

  domain for all j2ee components in the deployment unit.

  One can override the global security-domain at the container

  level using the security-domain element at the container-configuration

  level.

  Used in: jboss, container-configuration

-->

Message was edited by: Bond Chan

So in jboss 4(EAP 4.3 or 4.2.3GA) security-domain config in standard-jboss.xml can be default for all applications in the same JVM? whilst in jboss 5(EAP 5.1.2 or 5.1.0.GA) need config security-domain inside the each application explicitely?