5 Replies Latest reply on Oct 20, 2009 12:12 PM by Dennis Kuehn

    Role check is not executed

    Dennis Kuehn Newbie

      I'm getting started with security stuff and have a very basic question concerning authorization.

      In my stateless session bean, deployed in a JBoss AS 5.1.0, I marked a business method with @DenyAll to see how security prevents me from calling this method. I did not change the security setup, i.e. did not modify the login-config.xml.

      My problem is, the method is executed as if there was no @DenyAll annotation. I also tried to put it in the remote interface and tried @RolesAllowed(..) too. Is this correct behavior? I would have expected the container to block these calls. What do I have to do to make it work?