Any methods without permissions are equivalent to defining the methods to be in the exclude-list and not invokable by anyone. When a security-domain is defined the default is no access. You have to explicity define what should be accessible. You also cannot make calls to unchecked methods from an unsecured servlet. There still has to be a principal without roles. See the security chapter in the admin and devel book.
xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "Gary S. Cuozzo" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 31, 2002 7:08 AM Subject: Re: [JBoss-user] application security configuration > In my ejb-jar.xml file I have: > > <method-permission > > <description>description not supported yet by > ejbdoclet</description> > <unchecked/> > <method > > <description>description not supported yet by > ejbdoclet</description> > <ejb-name>ClientSessionBean</ejb-name> > <method-name>*</method-name> > </method> > </method-permission> > > and other ones like: > > <method-permission > > <description>description not supported yet by ejbdoclet</description> > <unchecked/> > <method > > <description><![CDATA[]]></description> > <ejb-name>ClientSessionBean</ejb-name> > <method-intf>Remote</method-intf> > <method-name>authenticate</method-name> > <method-params> > <method-param>java.lang.String</method-param> > <method-param>java.lang.String</method-param> > <method-param>java.lang.String</method-param> > </method-params> > </method> > </method-permission> > > Is my syntax wrong? Oddly enough, I've even tried removing ALL the > method permissions but leaving the security domain enabled, and still > cannot call into the bean. I'm doing something else wrong I think. > Now, to find out what it is! :) > > gary. ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
