Yesterday our web application ran fine on WildFly 9. Since this morning I get only a "Forbidden" in the web browser. We don't use JAAS. There is also no difference if I set the following value to false in the standalone.xml:
...
<subsystem xmlns="urn:jboss:domain:ejb3:3.0">
...
<default-missing-method-permissions-deny-access value="true"/>
...
</subsystem>
...
What can be the reasons that WildFly only shows the "Forbidden" page?
EDIT
If I set the log level for package org.jboss.security to TRACE I get the following message in the log file while calling the page:
2016-01-27 12:58:15,354 TRACE [org.jboss.security] (default task-5) PBOX00354: Setting security roles ThreadLocal: null
Not sure what this means ...
My EAR project and the inherited WAR project in eclipse was broken. There were several things missing like at example the application.xml.
Not sure why these things are missing and where I have lost it. But after fixing both projects deployments it works again.