I am using org.jboss.security.ClientLoginModule(available in client side only) and I have one custom login module in server side.
My login operation is getting succeeded but when I try to call a create method of a session bean I am getting the exception (see below).
java.lang.SecurityException: Insufficient method permissions, principal=krish, ejbName=Sample, method=create, interface=HOME, requiredRoles=, principalRoles=null
If you do not want to specify any security on your EJB, then do not put any security domain in the jboss.xml file.
But if you do that, then authentication is not required anymore.
If you require authentication, you will need, at least, to sepcify that all your EJB operations are "unchecked" (see EJB spec) in the ejb-jar.xml, otherwise, by default, access is refused.