The EJB 2.0 specification does not appear to make it clear whether method access checks should be performed before or after any run-as identity has been applied. I favour the former, but others assume the latter. Can someone make a definitive statement? Glyn Normington =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
