In the Home interface of a SessionBean the create() method is automatically generated by xDoclet. If I specify a security domain for the bean but do not specify an @ejb.permission at the class level then when the create() is called and the SecurityAssocation class checks to make sure that the caller is in the correct role, the following exception is thrown:
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: No method permissions assigned to method=create, interface=HOME If I then specify for the class: /** * ... * @ejb.permission * unchecked="true" * ... */ I can execute the create() method as well as any other method I've specified in the bean even though I have specified method level permissions with a role different from the one associated with the principle I logged in with. In other words if I have specified the following for a method foo(): /** * * @ejb.interface-method * @ejb.permission * role-name="Student" */ public String foo()... but if I have set the permission for the class as shown above then if my role is that of 'Teacher' and not 'Student' I can still execute the foo() method. So the question is this... How can you specify the role(s) required for the default create() method that xDoclet generate in the home interface without having to specify the role(s) for the entire class. A corollary would be... If I specify a default role(s) for the class shouldn't I be able to override that at the method level with a method level specification of the role(s) and if so how can I do that? Thanks, -Fred- ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ xdoclet-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/xdoclet-user
