Can someone help me with an EJB security question? I have an EJB with three methods: m1 with unrestricted access, m2 accessible by the guest role, and m3 accessible by the guest and admin roles. I am accessing all three methods from three different JSPs and displaying whether the access is successful or not. The first JSP, index.jsp, does not need any authentication and is able to access m1 only. The second JSP, guest.jsp, needs authentication for the guest role and is able to access all three methods. Once logged in as guest, I expect index.jsp also to be able to access all three methods. But index.jsp is able to access m1 only, though request.getUserPrincipal().getName() shows the logged-in username. Is this the correct behavior, or is there something wrong? I am using G 2.0.1.
++Vamsi
