AFAIK, null principal is no longer problem of barfing.
I use special role "nobody" for this puprose,
and login module which gives role "nobody" for
every user authenticated or not.
BTW, some login modules have parameteer which allows assigment of certain role to unauthenticated users.
AFAIK, "unchecked" permission exists for EJB2.0 only.
Thanks for your reply, however I am getting the principal=null exception.
Has this been fixed in a newer release of JBoss? I am using 2.4.3.
Did you create a new login module or use an existing one? When you say "some login modules have parameter..." which ones and how is that used?
Use the unauthenticatedIdentity option to set what
principal name user's without login credentials will
be mapped to:
principalsQuery="select Password from Principals where PrincipalID=?"
rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"