Thanks, David, I have changed some codes about EJB security, for it made some cases failed. Currently, I use whether securiy segment exists in the deployment plan to decide that , JACC Manager is or not need to be created. Ivan
2009/6/10 David Blevins <[email protected]> > > On Jun 2, 2009, at 11:08 PM, Ivan wrote: > > 1. If there is no method-permission for an EJB in the ejb-jar.xml, shall >> we still need a JACC Manager, which in it, we grant the all access >> permissions ? >> 2. When we will say that the EJBDeploymentGBean of an EJB is not >> security-enabled. In the current codes, the value seems always set to true. >> > > It seems both questions boil down to "if the user isn't using security, can > we have security-enabled set to false?" IIRC, that's what we did. Though > this part might have been changed along with David J's changes to make it so > that an app with EJB method-permissions (or equivalent annotations) would > fail on deployment if no security was setup. > > -David > > -- Ivan
