I have a bean (allow access to config informations) that must be accessed from an unauthenticated context (i.e. init of a servlet). I've configured the bean to have the unchecked metho permission on all methods but still the container need an autenticated principal to let me access the bean. So I tried the <unauthenticated-principal> tag in the jboss.xml deployment descriptor. I seems not to work: i still receive a SecurityException for the principal being null. Browsing this forum i've found this possible solution: add the following row to the auth.conf file unauthenticatedIdentity="nobody"
Now it seems to work but I don't ike thos workaround, I'd like to configure everithing from the deployment descriptor. Any idea? Am I doing something wrong?