• Post Reply Bookmark Topic Watch Topic
  • New Topic

Question About Security Tag

 
Gowher Naik
Ranch Hand
Posts: 643
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<assembly-descriptor>
<method-permission>
<role-name>admin</role-name>
<method>
<ejb-name>MyBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>

<method-permission>
<unchecked/>
<method>
<ejb-name>MyBean</ejb-name>
<method-name>myMethod</method-name>
</method>
</method-permission>
</assembly-descriptor>

In above case will unchecked override admin role name?

Thanks
 
Satya Maheshwari
Ranch Hand
Posts: 368
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Quoting from Mikalai Notes:

The method permissions relation is defined as the union of all the method permissions defined in the individual method-permission elements.


Hence for your example, myMethod will have a union of admin and unchecked which would mean that it can be accessed by any role(though it is not actually overriding but a union of both method-permissions)
 
Happiness is not a goal ... it's a by-product of a life well lived - Eleanor Roosevelt. Tiny ad:
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!