Why are unprotected EJB methods denying access in EAP 6.1.0?

Solution Verified - Updated -

Issue

  • Why are unprotected EJB methods denying access in EAP 6.1.0?
  • It seems that invoking an EJB3 method that is part of a security domain and has no permissions set (e.g. no @PermitAll or no @RolesAllowed) doesn't work anymore.
  • If I look at standalone.xml (compared to EAP 6.0.1) I see that default-missing-method-permissions-deny-access is added with a default of true. When I change it to false everything is working again. Why is this behaviour changed?
  • After upgrade from EAP6.0.1 to EAP6.1 some methods can not be invoked and show the following error
Exception in thread "main" javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String org.jboss.as.quickstarts.ejb.multi.server.app.AppTwo.invoke(java.lang.String) of bean: AppTwoBean is not allowed

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.