Thank you Darranl, I followed your suggest and now everything is Ok except one thing. When Prg Role calls remove() on session bean I have a SecurityException generated by JBoss. I'm using Xdoclet to write my session bean's class (it automatically generates ejb-jar.xml file and bean's interfaces) and I don't find in ejb-jar.xml file an authorization for role Prg to call remove() method. I put this code (by hand) inside ejb-jar.xml file:
| <method-permission > | <description></description> | <role-name>Prg</role-name> | <role-name>Lis</role-name> | <method > | <description></description> | <ejb-name>Modify</ejb-name> | <method-intf>Home</method-intf> | <method-name>remove</method-name> | <method-params> | </method-params> | </method> | </method-permission> | and restarted JBoss, but the problem is still present. JBoss says that remove() method is callable only by Ips and Aci Roles. Thank You Moreno View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872702#3872702 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3872702 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
