Hi,
either tools inspect the packaged
EJB or the EJB application/component will have to discuss these roles in documentation--in the enterprise, documentation is a good thing anyway.
By the way, this problem is not completely new: for example, how would a deployer know about roles that are only referenced in calls to EJBContext.isCallerInRole(
String), even in a EJB 2.x application?
I think some (lightweight) documentation is the way to go...
Cheers,
Oliver