Check EJB 2.0 spec, sections: 21.2.5.3, declaring security roles (Bean Provider Responsability) 21.3.1, security roles (App. Assembler) 21.3.2, method permissions.
Here's a sample on methods permissions only (I assume you included the role "admin"): <method> <ejb-name>MyEJB</ejb-name> <method-name>remove</method-name> <method-intf>MyEJBHome</method-name> </method> Here's another: <method> <ejb-name>MyEJB</ejb-name> <method-name>remove</method-name> </method> Since remove() is a particular case, I'd use the second example. (remove is usually in both the Bean interface and the Home interface). -- =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
