All the methods defined in the remote or home interface and all superinterfaces, including the methods defined in the EJBObject and EJBHome interfaces, can be assigned security roles in the <method-permission> elements. Any method that is excluded will not be accessible by any security role.
I have created a private method in my Stateless Session Bean. Can I assign permissions to methods which are (1) private (2) not exported in the remote nor local interface ? Will they work ? Regards, Pho
By definition, a private method cannot be defined in an interface. Therefore you can't assign a security permission to it. In particular, the Java language specification (section 9.4) states in regard to method declarations in interfaces that the only acceptable method modifiers are public and abstract. Kyle [ April 30, 2004: Message edited by: Kyle Brown ]
And for you second question, you can only assign permissions to method on the Local or Remote Interface because these methods are called by the client through proxies that go through the container and do the check before going into your Bean. Methods that are on the Bean class that are not part of any of the client interfaces can only be called by the bean itself (Unless you instantiate the class yourself but then it is a plain Java class not mananged by the container).
Roland Barcia: IBM Distinguished Engineer, CTO Mobile for Lab Services
It is an experimental device that will make my mind that most powerful force on earth! More powerful than this tiny ad!