It's a long time since I last posted here.
I have a WebService EJB3 endpoint secured using @DeclareRoles and @RolesAllowed. As allowed by Java EE 6, the bean is packaged as a war. I deployed it in GF 3.1 but I can't get a standalone client to successfully invoke the secure method. The client keeps getting a not authorized exception. I have, of course, created user "user" in GF, assigned "user" to group "AppUser", enabled security manager and default principal to role mapping. I also tried mapping the application role "AppUser" with GF group "AppUser" without any success.
Has anyone else faced a similar problem or have any ideas?