I have a web service implemented as a stateless EJB3.0, using Eclipse IDE, Java 1.6.0 and deploying to JBoss AS 5.1.0.GA.
I have been successful in configuring JBoss for JAAS security for the rest of the J2EE application, including adding a @RolesAllowed(...) annotation to my EJB methods, and this does indeed work.
I've added such an annotation now to my web service method, and am unable to invoke the method using the SoapUI test client, even though I've provided my user name and password in the properties of the request (this is the data item created in SoapUI, which it uses to generate the actual soap message request).
Note that if I remove the @RolesAllowed(...) annotation from the web service method, I'm able to call it just fine using SoapUI. When I add the @RolesAllowed(...) annotation back in and attempt to call it from SoapUI, I get the following error in the JBoss AS log file: