Hi, thanks for the reply.
Yes, I configured using netbeans message level security and I wanted this message level security to authentificate the user against a jdbc realm. I don't know if what I did was correct, so I am open to any suggestions on how to do that.
Also, are you sure declarative security does not work on Serlvlet WebService? I build an web-app and an EAR (btw, I moved the configuration from sun-ejb-jar.xml to sun-application.xml just as you suggested, and configured the realm and security-role-mapping there for both the web and ejb module), and it seems to work fine.
The only problem I have now is that injection does not work (i tried @EJB - it throws an Exception and @Resource - it doesn't throw any exception but the WebServiceContext I wanted is always null, even if I try to do a lookup).
Thanks.
[Message sent by forum member 'powerhouse_b' (powerhouse_b)]
http://forums.java.net/jive/thread.jspa?messageID=265629