If there is no security role defined for a method, it means that none of the security
roles
defined in the DD needs to call this role. It is up to the deployer to decide how to
handle
the access to these methods. Normally, the deployer should deny access to these
methods.
However, it is possible that the other methods may be called by other applications or
components
that are not in the ejb-jar, so it would be wrong for the EJB spec to require that the
Deployer
always MUST to deny access to these methods. After all, the Deployer can override any
of
the declarative security information provided in the DD.
Vlada
----- Original Message -----
From: David Warren <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 19, 1999 1:08 PM
Subject: EJB 1.1 Spec: Does no <method-permission> allow access?
> Hi,
> I'm trying to understand the semantics of a method which is not listed in a
> <method-permission> block. Specifically, should access be denied or allowed if
> no permission is associated with a method.
>
> The EJB Bean Writer's Guide indicates that access should be allowed.
>
> Thanks,
> David
> --
> Obligatory .signatory...
> David Warren ([EMAIL PROTECTED]) phone: 781/890-0444, fax: 781/890-4998
> Hitachi Computer Products (America), Inc., 1601 Trapelo Rd.,Waltham, MA
> 02451-7366
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
>
>
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
