That is, in essence, what you are doing. You reduce the visibility of the DataSource to only those roles that are allowed to invoke your EJB's. The datasource itself has no concept of secured invocation on it's own, being that it can only be invoked in the context of a managed operation (ie an operation from an EJB/Servlet). If a subject that is not not allowed to invoke an operation on an EJB attempts such an operation, it will not succeed.
Again, since you will not, by default, be able to use the DS outside of the container only EJB/Servlets will have access. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3944939#3944939 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3944939 ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
