I am running the JBoss 2.4.4/Tomcat 4.0.1 integrated package, and I have
configured method permissions for my session beans. I access them with
a client that does not make any attempt to go through authentication.
I have the following in my ejb-jar.xml file:
<security-role>
  <description>Employees</description>
  <role-name>employee</role-name>
</security-role>
<security-role>
  <description>Everyone</description>
  <role-name>everybody</role-name>
</security-role>
<method-permission>
  <role-name>employee</role-name>
  <method>
    <ejb-name>Catalog</ejb-name>
    <method-name>*</method-name>
  </method>
</method-permission>
<method-permission>
  <role-name>everybody</role-name>
  <method>
    <ejb-name>ShoppingCart</ejb-name>
    <method-name>*</method-name>
  </method>
</method-permission>
Catalog is a stateless session bean, and ShoppingCart is a stateful
session bean. Since the application does not know which role the client
is running under, I would expect a security exception when I call a
method on either of these beans. However, everything executes normally.
This is all I was able to get out of the documentation. Am I missing
something else?
Thanks,
Dhruva
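
Added example, not part of the original post: a small Python audit of the descriptor fragment quoted above. It reports which roles each bean's methods are granted to and flags role names that are used but not declared, or declared but never used. The <ejb-jar>/<assembly-descriptor> wrapper, the SAMPLE text and the function name audit_descriptor are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post, wrapped in the
# <ejb-jar>/<assembly-descriptor> elements (assumed wrapper).
SAMPLE = """<ejb-jar><assembly-descriptor>
<security-role><description>Employees</description>
  <role-name>employee</role-name></security-role>
<security-role><description>Everyone</description>
  <role-name>everybody</role-name></security-role>
<method-permission><role-name>employee</role-name>
  <method><ejb-name>Catalog</ejb-name>
    <method-name>*</method-name></method></method-permission>
<method-permission><role-name>everybody</role-name>
  <method><ejb-name>ShoppingCart</ejb-name>
    <method-name>*</method-name></method></method-permission>
</assembly-descriptor></ejb-jar>"""


def audit_descriptor(xml_text):
    """Summarise the method permissions declared in an ejb-jar.xml document."""
    root = ET.fromstring(xml_text)
    # Roles declared with <security-role>.
    declared = {r.findtext("role-name", "").strip()
                for r in root.iter("security-role")}
    # (ejb-name, method-name) -> set of roles granted access.
    grants = {}
    for perm in root.iter("method-permission"):
        roles = {r.text.strip() for r in perm.findall("role-name") if r.text}
        for method in perm.findall("method"):
            key = (method.findtext("ejb-name", "").strip(),
                   method.findtext("method-name", "").strip())
            grants.setdefault(key, set()).update(roles)
    used = set().union(*grants.values())
    return {
        "declared": declared,
        "grants": grants,
        "undeclared": used - declared,  # used in a permission, never declared
        "unused": declared - used,      # declared, never granted anything
    }


if __name__ == "__main__":
    report = audit_descriptor(SAMPLE)
    for (ejb, method), roles in sorted(report["grants"].items()):
        print(f"{ejb}.{method}: {sorted(roles)}")
    print("undeclared roles:", sorted(report["undeclared"]))
    print("unused roles:", sorted(report["unused"]))
```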