The SecurityInterceptor does the following in checkSecurityAssociation:
Set methodPermissions = container.getMethodPermissions(
mi.getMethod(), home );
if (!realmMapping.doesUserHaveRole( principal, methodPermissions
))
{
// should log illegal access
throw new java.rmi.RemoteException("Illegal access exception");
}
Sometimes, methodPermissions is null, so realmMapping.doesUserHaveRole
returns false (I'm using the DatabaseRealmMapping and
DatabaseSecurityManager).
Is this the correct behavior? It would seem that if there are no method
permissions, doesUserHaveRole should not be called.
Thanks for any help with this.
--
Kevin Lewis
Middle Reliever
Axys Solutions
http://www.AxysSolutions.com/
