Why are unprotected EJB methods denying access in EAP 6.1.0?

Solution Verified - Updated -

Issue

  • Why are unprotected EJB methods denying access in EAP 6.1.0?
  • It seems that invoking an EJB3 method that is part of a security domain and has no permissions set (e.g. no @PermitAll or no @RolesAllowed) doesn't work anymore.
  • If I look at standalone.xml (compared to EAP 6.0.1) I see that default-missing-method-permissions-deny-access is added with a default of true. When I change it to false everything is working again. Why is this behaviour changed?
  • After upgrade from EAP6.0.1 to EAP6.1 some methods can not be invoked and show the following error
Exception in thread "main" javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String org.jboss.as.quickstarts.ejb.multi.server.app.AppTwo.invoke(java.lang.String) of bean: AppTwoBean is not allowed

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content