I'm writing an account-manager app where users can register themselves so that they can authenticate themselves later with the information entered.
So I have a SessionBean (SUserBean) with two methods ("getNewUser", "storeNewUser") which everyone (especially unauthenticated users) is allowed to call.
In addition I have a method "getUser" which returns the actual user's data (to edit one's own user profile).
So I placed method-permissions on the methods-to-secure, entered a name for "unauthenticated-principal" in jboss.xml and assigned method-permissions for this user to the two unsecure-methods.
But this doesn't work - all I get are SecurityPermissions (principal=null) at the point where I create a new bean
(see DTDs below)
I think there is a mapping missing between the user "NOBODY" and the role "UNATHENTICATED" but I didn't find anything where I can specify this. I also tried to use the same name but that didn't work either.
Can anyone help me???
Here are my DDs: (compressed to security-relevant parts)
Sorry - "UNAUTHENTICATED" is spelled in both "role-name"-tags. So that could not be the problem