All the methods defined in the remote or home interface and all superinterfaces, including the methods defined in the EJBObject and EJBHome interfaces, can be assigned security roles in the <method-permission> elements. Any method that is excluded will not be accessible by any security role.
I have created a private method in my Stateless Session Bean. Can I assign permissions to methods which are (1) private (2) not exported in the remote nor local interface ? Will they work ?
[ April 30, 2004: Message edited by: Kyle Brown ]
Methods that are on the Bean class that are not part of any of the client interfaces can only be called by the bean itself (Unless you instantiate the class yourself but then it is a plain Java class not mananged by the container).