Hi, I'm new to openejb. I'm trying to test the my hello ejb with security now with tomcat 5.0.28. I've added a method-permission to the myhello ejb but it does not seem to do anything -- ie, I can still access the ejb fine even though I am not in the role specified in the method-permission.
There's a mail archive that mentions principal to role mapping in openejb-jar.xml [http://mail-archives.apache.org/mod_mbox/geronimo-user/200409.mbox/%3cf [EMAIL PROTECTED] But I could not find any reference to a principal to role association in http://openejb.codehaus.org/faq_openejb-jar.html. There's another mail archive that says openejb does not have security (yet). Any help would be greatly appreciated. Thanks, Lily
