Hello!
I am using jboss-3.0.0 with bundled Tomcat 4.0.3. I am also using Xdoclets.
I have a Java servlet which is a client to an EJB. I have configured Security, but I am having some problems with the communication between the servlet and the EJB. My servlet asks for username/password and validates it. Calling
"request.getUserPrincipal()" I get the right answer.

Whhen the servlet tries to access the EJB, I get the following error:
15:10:22,922 ERROR [SecurityInterceptor] No method permissions assigned to method=create
15:10:22,932 ERROR [STDERR] java.rmi.ServerException: checkSecurityAssociation;
nested exception is:
java.lang.SecurityException: No method permissions assigned to method=create;


My jboss-security.xml is the following:

<security-domain>java:/jaas/MyTEST</security-domain>
<assembly-descriptor>
<security-role>
<role-name>Manager</role-name>
</security-role>

<method-permission>


<ejb-name>test/MyTestSession</ejb-name>
<method-name>create</method-name>

</method-permission>

<method-permission>
<role-name>Manager</role-name>

<ejb-name>test/MyTestSession</ejb-name>
<method-name>*</method-name>

</method-permission>
</assembly-descriptor>


The file is in the right place (directory), because I get the security-domain working.
Isn't this file the right one to include "method-permission" declarations?

Can any one help me, please.

Thank you in advance,
Victor Batista