I'd like to further explain my problem when I worked with security implementation in EJB.
Assuming that I set web.xml and ejb-jar.xml properly, and using "the same" security domain name (JNDI name for security manager) that I wrote at jboss.xml and jboss-web.xml.
I am using Form based security login (j_security), and it works fine in the web container to authenticate and athorise user.
The problem is, when I call method in Session EJB, there is an exception, telling me that I do not have permission for create home interface.
This happen when I specify the security domain in jboss.xml (whether I set the authorisation setting in the ejb-jar.xml or not).
Did I miss some steps before calling EJB methods, so that I dont have permission to acess them?
When I removed Security Domain, and checked the User's Principles of the active Subject in the EJB container, it is similar to the User's Principles in the web container.
Please help me with this problem.