2 Replies Latest reply on Aug 3, 2007 5:30 PM by Anil Saldanha

    @RolesAllowed not working in EJB3

    Chris Malan Novice

      All session bean implementations have the required @SecurityDomain("theDomain") annotation.

      What does not work is that once somebody has logged in, he can call any session bean method, even those calling for a role he is not in.

      This is in JBoss 4.0.3. This has worked fine before in EJB 2.1. My login code and login-config.xml are all still the same.

      Any idea what is going on? I did look at the EJB3 tutorial, again.