I am writing an EJB
and wish to use the standard JAAS and EJB security mechanisms to secure access
to the create, remove and setXX methods of my bean so that only users is certain
groups can modify the data in the bean. I also wish to allow users that are not
logged in (authenticated by JAAS) to access the findXXX methods and the getXXX
methods of the bean. So far I have been able to get the security working so that
the methods are secure but cannot get annonymous access to the unsecure
methods.
If the user is not
logged in the Principal is null and the container throws an exception. Is there
currently any way in jboss to say these methods do not require a valid
user?
Paul
Paul
Austin
Viant
Tel: +44-20-7984-7158
Fax: +44-20-7984-7101
AIM: PaustinViant
YahooIM: p_d_austin
JabberIM: paustin
