Hello,
I have a few questions about the EJB 1.1 security model:
If no method permissions are defined for a bean, are all roles allowed
access to all methods for that bean? (equivalent to :
<method-permission>
< role-name> * </role-name>
<bean-name> Mybean </beanname>
<method-name> * </method-name>
</method-permission>
If the following 2 method permissions are defined on a bean:
role A, wildcard (all methods)
and role B, debit() (only one method),
then, if a user is in roleA, the user can still access the debit()
method right?
If a user neither in roleA or role B, accesses debit() or credit()
methods of the bean, this user will be denied access to the bean and all
of the bean methods, right?
Thanks!
Smita.
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
