On Aug 11, 2005, at 2:22 PM, Lily Hsiao wrote:
Hi,
I'm new to openejb. I'm trying to test the my hello ejb with security
now with tomcat 5.0.28.
I've added a method-permission to the myhello ejb but it does not seem
to do anything --
ie, I can still access the ejb fine even though I am not in the role
specified in the method-permission.
There's a mail archive that mentions principal to role mapping in
openejb-jar.xml
[http://mail-archives.apache.org/mod_mbox/geronimo-user/200409.mbox/
%3cf
[EMAIL PROTECTED]
But I could not find any reference to a principal to role
association in
http://openejb.codehaus.org/faq_openejb-jar.html.
There's another mail archive that says openejb does not have security
(yet).
Any help would be greatly appreciated.
Hi Lily,
For OpenEJB 1.0 and lower what we need is an integration with the
Tomcat security so we can plug that into OpenEJB. Then all
authenticated requests into Tomcat would propagate to OpenEJB.
Hey Jeff, is this something you might know how to do? Move the
thread over to dev if you have some ideas.
-David
