5 Replies Latest reply on Oct 10, 2011 10:05 AM by grrd

    @RolesAllowed ignored?

    Miguel Angel Manese Newbie

      I am using JBoss 4.2.1.GA. I have the following session bean:

      @RolesAllowed({"authenticated"})
      @Stateless
      @Remote({AccountRDAO.class})
      public class AccountRDAOAction extends RDAOAction
              implements AccountRDAO, Serializable
      {
          ...
      }


      I defined the following policy in login-config.xml:

      <application-policy name="mypolicy">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag="required">
            <module-option name="unauthenticatedIdentity">anonymous</module-option>
            <module-option name="dsJndiName">java:/itranscribe-ds</module-option>
            <module-option name="principalsQuery">select password from logins where username=?</module-option>
            <module-option name="rolesQuery">
              select 'authenticated' as Role, 'Roles' as RoleGroup where length(?) > 0
            </module-option>
          </login-module>
        </authentication>
      </application-policy>


      It is driving me nuts why I can still access the methods of the supposedly protected bean. I tried annotating the methods and it is still the same.

      Thanks,
      M. Manese