Did you see the Note in that section?

NOTE : A new feature in EAP 6.1 or later will deny the invocation of unsecured methods of appOne/appTwo since security is enabled but the method does not include @Roles. You need to set ‘default-missing-method-permissions-deny-access = false’ for the ejb3 subsystem within the domain profile “ha” and “default” to allow the method invocation. See the install-domain.cli script.


Did you follow those instructions?

I am tempted to remove that entire section. I'm not sure it shows anything since it does not work by default anad you have to jump through hoops for it to work.

I didn't follow that, but as I can see, these changes were made in domain.xml configuration, so it should work.
It's better to remove this entire section, if it doesn't work.

Adding Wolf so he can comment.

I finally got a chance to test this and it doesn't work for me either. I sent an email to Wolf to ask if he wants to debug this or if we should just remove the section.

As the deployment names are changed a WEB-INF/jboss-web.xml is necesarry to set the correct context-root.

PR send https://github.com/jboss-developer/jboss-eap-quickstarts/pull/685

I closed the above pull because we don't want to hard-code the context-root. We wnat to use the name generated by the build using the variable: ${project.artifactId}

I did the following:
* Removed the hard-code context root from app-main/ear/pom.xml
* Udated the access URLs in the README to use the generated contexts
* Moved the section on adding users. It was in the middle of the section on configuring the server and it was confusing. I moved that section prior to the server configuration. 

Fixes are in this pull:
https://github.com/jboss-developer/jboss-eap-quickstarts/pull/686

Fixed with this commit: https://github.com/jboss-developer/jboss-eap-quickstarts/commit/88ca906a911049ba91ca3817b4486f7d3420b117

Verified on EAP 6.2 ER7