Greetings, I'm updating my EJBs from empty security settings to a role properties permissions. Only a mininal subset of my methods will have a permission check. The majority (including all entity beans except create and remove methods) will be unchecked.
I don't know the implementation details of security in JBOSS, so I would like to hear your opinion about the overhead of the security on EJB methods, for instance: - The unchecked methods will have any weight at runtime? - If my logic calls method _1() -> method _2() -> ... -> method _N(), and all the methods have security permission set, will the container verify just the first time or in each method step, there will be a significant weight on the security check? - The role check based on file properties (just for 1 or 2 single static users) is the best approach for securing EJB methods? - ... I would like to hear you about these issues and others... Regards, Pedro Salazar. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3840811#3840811 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3840811 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user