• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

security question : security-role + method permission

 
Steven Colley
Ranch Hand
Posts: 290
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Question: "If a security role is defined but not used in any method-permission elements that role has permission over all methods of any EJBs within the Enterprise Javabean application".

It's false.

Answer:

If a security role is defined but not used in any method-permission elements it does not mean that the role has permission to invoke all methods. A caller with this role will have the same rights as a caller without a specified security role.

- Does it mean that the caller won't have any kind of access to method calls ?

Tks.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does it mean that the caller won't have any kind of access to method calls

No. He will have access to unchecked and non-restricted methods.
 
Steven Colley
Ranch Hand
Posts: 290
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Christophe ,

Ah, right right..forgot including this unchecked...

but..what do you mean about "non-restricted methods" ?

tks.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Methods whose security settings have not been set, but I don't remember if it was mandatory or not to set them
[ September 11, 2007: Message edited by: Christophe Verre ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic