> Side Note: We changed both Session Beans from
> @RolesAllowed("User") to @PermitAll, but still it
> says we are not authorized! VERY strange!
>
> Anybody an idea?
Not sure about this. But in general when you specify a run-as principal then you also need to make sure that the principal is mapped to the specified role that appears in the @RolesAllowed annotation. Did you do that ?.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]
http://forums.java.net/jive/thread.jspa?messageID=287273