2 Replies Latest reply on Jul 26, 2014 2:29 AM by Alexis Hassler

    Problem with security-domain on a Web + EJB application

    Alexis Hassler Apprentice

      I'm playing with this example from  radcortez : radcortez/wildfly-custom-login-module · GitHub . Tt's working fine.

      I tried to make a few changes to reflect my application. For example, my EJBs aren't secured : no @RolesAllowed annotation. I forked the repo and removed the annotation on the EJB : hasalex/wildfly-custom-login-module · GitHub.   Now, my EJB shouldn't be secured anymore.

      With the tiny change, the whole authentication fails and don't pass anymore through the LoginModule.

      A workaround would be to add a @PermitAll on each non-secured EJB. Is there an easier and more direct way to make it work ?