On Jun 2, 2009, at 11:08 PM, Ivan wrote:
1. If there is no method-permission for an EJB in the ejb- jar.xml, shall we still need a JACC Manager, which in it, we grant the all access permissions ? 2. When we will say that the EJBDeploymentGBean of an EJB is not security-enabled. In the current codes, the value seems always set to true.
It seems both questions boil down to "if the user isn't using security, can we have security-enabled set to false?" IIRC, that's what we did. Though this part might have been changed along with David J's changes to make it so that an app with EJB method- permissions (or equivalent annotations) would fail on deployment if no security was setup.
-David
