hi all, I have few questions on security role mappings. Before that i want to put my understanding about security mappings.If there is anything wrong in my understanding please let me know.
I think , 1 . In ejb-jar.xml we declare security roles in <security-role> tags. 2 . In ejb-jar we specify which methods are accessed by which roles using <role-name> in <method-permission>. 3 . In openejb-jar.xml we asscocite principals to security roles , by this we are allowing all the principals in a role to access those methods which the role can access . Qn :- Why role mappings is part of each EJB.Since we already defined what permissions does each role have on each ejb(using <method-permissions>) why doing it here again. Isn't it sifficient to map principals to roles in openejb.jar? thanx in advance -- regards, prem