5 Replies Latest reply on Oct 10, 2011 10:05 AM by grrd

    @RolesAllowed ignored?

    Miguel Angel Manese Newbie

      I am using JBoss 4.2.1.GA. I have the following session bean:

      public class AccountRDAOAction extends RDAOAction
       implements AccountRDAO, Serializable

      I defined the following policy in login-config.xml:

      <application-policy name="mypolicy">
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag="required">
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
          <module-option name="dsJndiName">java:/itranscribe-ds</module-option>
          <module-option name="principalsQuery">select password from logins where username=?</module-option>
          <module-option name="rolesQuery">
            select 'authenticated' as Role, 'Roles' as RoleGroup where length(?) > 0

      It is driving me nuts why I can still access the methods of the supposedly protected bean. I tried annotating the methods and it is still the same.

      M. Manese