I think you need to add
into <assembly-descriptor> too.
Did you find the way to solve this issue?
I am experiencing exactly the same one with JBoss 2.4.4
I should probably mention that there is no problem at all if the session bean is deployed as a stateless session bean. But if it is deployes as a stateful one, then the exception described in the initial email of this thread is occuring.
Anybody has any ideas why? Am I missing something in the EJB spec or JBoss documentation saying that after a security excpetion, the stateful bean are gone/discarded?
Any help will be appreciated.
Thanks to Annegret (the intial post of this thread), I got the answer to my question. There it is for anybody else interested:
The behavior you see is correct based on our interpretation of the
EJB spec. The SecurityException is treated as RuntimeException
thrown by the business method and the session is discarded. If
other servers treat this differently file a bug.
You cannot achieve the behavior you are looking for using a single
stateful session bean accessed by a client. You would need to
partition the work being done so that the restricted operation can
be isolated from the session state you want to save on failure. You
would need to add another stateless or stateful session bean for the
restricted operation and catch and deal with the SecurityException
Chief Technology Officer
JBoss Group, LLC