Hello,

There is an EntityBean with all its methods permitted to be run by the
role, say, "MASTER".
For that, an entry is made in ejb-jar.xml as shown below.

 <method-permission>
     <role-name>MASTER</role-name>
     <method>
         <ejb-name>MyEJB</ejb-name>
         <method-name>*</method-name>
     </method>
 </method-permission>

The Security Role has also been specified in the ejb-jar.xml as given below:

 <security-role>
     <role-name>MASTER</role-name>
 </security-role>

Now this Entity Bean is called from a method of Session Bean whose
principal/caller identity is not defined... The call to
isCallerInRole("MASTER") in the method of SessionBean returns false.
Even then the bean is able to successfully execute the method call.

I was expecting a SecurityException from the container.

Please comment.

 Regards,
Vikram Naik
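
A descriptor check for the configuration in the post above, as an added example that is not part of the original message: it parses an ejb-jar.xml and reports roles used in method-permission but never declared in security-role, and beans that have no method-permission at all. It assumes the un-namespaced EJB 2.x layout with these elements under assembly-descriptor; the sample descriptor, the bean MySessionEJB, the role GUEST and the function name audit_descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (EJB 2.x style, no XML namespace). MyEJB and
# MASTER come from the post; MySessionEJB and the role GUEST are made up here.
SAMPLE = """<ejb-jar>
  <enterprise-beans>
    <entity><ejb-name>MyEJB</ejb-name></entity>
    <session><ejb-name>MySessionEJB</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>MASTER</role-name></security-role>
    <method-permission>
      <role-name>MASTER</role-name>
      <role-name>GUEST</role-name>
      <method><ejb-name>MyEJB</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

def audit_descriptor(xml_text):
    """Return declared-vs-used role gaps and per-bean method permissions."""
    root = ET.fromstring(xml_text)
    beans = {e.text.strip() for e in root.findall("./enterprise-beans/*/ejb-name")}
    declared = {e.text.strip() for e in root.findall(".//security-role/role-name")}
    used, perms = set(), {}
    for mp in root.findall(".//method-permission"):
        roles = {r.text.strip() for r in mp.findall("role-name")}
        if mp.find("unchecked") is not None:
            roles.add("<unchecked>")  # EJB 2.0+ element: callable without any role
        used |= roles - {"<unchecked>"}
        for m in mp.findall("method"):
            key = (m.findtext("ejb-name").strip(), m.findtext("method-name").strip())
            perms.setdefault(key, set()).update(roles)
    covered = {bean for bean, _ in perms}
    return {
        "undeclared_roles": sorted(used - declared),
        "beans_without_permission": sorted(beans - covered),
        "permissions": {k: sorted(v) for k, v in perms.items()},
    }

if __name__ == "__main__":
    for name, value in audit_descriptor(SAMPLE).items():
        print(name, "->", value)
```

A clean result shows only that the descriptor is internally consistent; it does not show that the container is enforcing it at run time.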
