Hi Jeff, That would be great. Please keep me posted. Thanks Lily
> -----Original Message----- > From: David Blevins [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 11, 2005 3:01 PM > To: [email protected] > Cc: Jeff Genender > Subject: Re: [openejb-user] Openejb and security > > On Aug 11, 2005, at 2:22 PM, Lily Hsiao wrote: > > > > > Hi, > > > > I'm new to openejb. I'm trying to test the my hello ejb > with security > > now with tomcat 5.0.28. > > I've added a method-permission to the myhello ejb but it > does not seem > > to do anything -- ie, I can still access the ejb fine even > though I am > > not in the role specified in the method-permission. > > > > There's a mail archive that mentions principal to role mapping in > > openejb-jar.xml > > [http://mail-archives.apache.org/mod_mbox/geronimo-user/200409.mbox/ > > %3cf > > [EMAIL PROTECTED] > > But I could not find any reference to a principal to role > association > > in http://openejb.codehaus.org/faq_openejb-jar.html. > > > > There's another mail archive that says openejb does not > have security > > (yet). > > > > Any help would be greatly appreciated. > > Hi Lily, > > For OpenEJB 1.0 and lower what we need is an integration with > the Tomcat security so we can plug that into OpenEJB. Then > all authenticated requests into Tomcat would propagate to OpenEJB. > > Hey Jeff, is this something you might know how to do? Move > the thread over to dev if you have some ideas. > > -David >
