I have lodged a report to the support email address. wim veninga wrote: > Hi Dave, > > Have you posted a bug report to the orion bug list, or isn't it a bug? > > Have you found a workaround for your security needs, I'm thinking to > write > something myself but if you have already done this could you give some > insight > on how to do this ? > > Thanks in advance, > Greetings Wim Veninga > > Dave Smith wrote: > >> This has been a long running problem that I never received an answer >> to, despite much discussion on this list. >> >> wim veninga wrote: >> >> > Hi all, >> > >> > I have created an set of Enterprise beans and in the assembly >> > descriptor I have >> > defined a set of roles that have some permissions to run methods ( >> > in ejb-jar.xml). >> > When I deploy the application and the modify orion-ejb-jar.xml to >> > map the >> > roles to different groups in the assembly descriptor and than >> > re-start or re-deploy the application (using orionconsole.jar) >> > orion overwrites the changes I've made in >> > orion-ejb-jar.xml (see below for the deployment descriptors >> > ejb-jar.xml, orion-ejb-jar.xml and orion-ejb-jar.xml after >> > re-starting/re-deploying). >> > >> > Has anybody done this in orion (with ejb 2.0 on orion 1.2.0) ? If >> > so can you sent me the deployment descriptors ? >> > >> > Have I made an error ? (The groups are defined in principals.xml >> > and the role-mappings aren't being overwritten in >> > orion-application.xml). >> > >> > Does the default-method-acces tag in orion-ejb-jar.xml means that >> > all the methods that aren't tied to a method permission in >> > ejb-jar.xml can >> > be called by the group/user and that all the methods that are can't >> > be called ? >> > >> > Thanks in advance, >> > Greetings >> > Wim Veninga >> > >> > In ejb-jar.xml: >> > <?xml version="1.0"?> >> > <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise >> > JavaBeans 1.1//EN" "http://java.sun.com/j2ee/dtds/ejb-jar_2_0.dtd"> >> > >> > >> > >> > <!-- KOZIJNCALC BEANS --> >> > >> > <ejb-jar> >> > <description>The deployment descriptor for the com.fnv.kozijncalc >> > beans</description> >> > <enterprise-beans> >> > <entity> >> > <description></description> >> > <ejb-name>Klant</ejb-name> >> > <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home> >> > <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote> >> > >> > <ejb-class>com.fnv.kozijncalc.entities.klanten.KlantEJB</ejb-class> >> > >> > <persistence-type>Container</persistence-type> >> > <prim-key-class>java.lang.Integer</prim-key-class> >> > <reentrant>False</reentrant> >> > <cmp-field><field-name>klantNr</field-name></cmp-field> >> > <cmp-field><field-name>klantNaam</field-name></cmp-field> >> > <cmp-field><field-name>klantAdres</field-name></cmp-field> >> > >> > <cmp-field><field-name>klantPostcode</field-name></cmp-field> >> > <cmp-field><field-name>klantPlaats</field-name></cmp-field> >> > <cmp-field><field-name>klantLand</field-name></cmp-field> >> > >> > <cmp-field><field-name>klantTelefoon</field-name></cmp-field> >> > >> > <cmp-field><field-name>klantContactPersoon</field-name></cmp-field> >> > >> > <primkey-field>klantNr</primkey-field> >> > </entity> >> > <session> >> > <ejb-name>KlantSession</ejb-name> >> > >> > <home>com.fnv.kozijncalc.sessions.klanten.KlantSessionHome</home> >> > >> > <remote>com.fnv.kozijncalc.sessions.klanten.KlantSession</remote> >> > >> > <ejb-class>com.fnv.kozijncalc.sessions.klanten.KlantSessionBean</ejb-class> >> > >> > <session-type>Stateless</session-type> >> > <transaction-type>Container</transaction-type> >> > <ejb-ref> >> > <ejb-ref-name>kozijn/ejb/KlantHome</ejb-ref-name> >> > <ejb-ref-type>Entity</ejb-ref-type> >> > <home>com.fnv.kozijncalc.entities.klanten.KlantHome</home> >> > <remote>com.fnv.kozijncalc.entities.klanten.Klant</remote> >> > <ejb-link>Klant</ejb-link> >> > </ejb-ref> >> > </session> >> > </enterprise-beans> >> > >> > <assembly-descriptor> >> > >> > <!-- Security roles --> >> > >> > <security-role> >> > <role-name>calculator</role-name> >> > </security-role> >> > <security-role> >> > <role-name>hoofd_calculator</role-name> >> > </security-role> >> > <security-role> >> > <role-name>werkvoorbereiding</role-name> >> > </security-role> >> > >> > <!-- The method permissions that the different roles have to call >> > methods --> >> > >> > <!-- The method permissions for the werkvoorbereiding role, >> > currently not any methods--> >> > <method-permission> >> > <role-name>werkvoorbereiding</role-name> >> > </method-permission> >> > <!-- The calculator method permissions --> >> > <method-permission> >> > >> > <description>The permissions of the calculator >> > role</description> >> > <role-name>calculator</role-name> >> > >> > <method> >> > <description>The permissions for the klant entity bean >> > remote</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Remote</method-intf> >> > <method-name>*</method-name> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findAll</method-name> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findByKlantNaam</method-name> >> > <method-params> >> > <method-param>java.lang.String</method-param> >> > </method-params> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findByPrimaryKey</method-name> >> > <method-params> >> > <method-param>java.lang.Integer</method-param> >> > </method-params> >> > </method> >> > <method> >> > <description>The permissions for the klant session bean >> > </description> >> > <ejb-name>KlantSession</ejb-name> >> > <method-name>create</method-name> >> > </method> >> > <method> >> > <description>The permissions for the klant session bean >> > </description> >> > <ejb-name>KlantSession</ejb-name> >> > <method-name>findAllKlanten</method-name> >> > </method> >> > </method-permission> >> > >> > <!-- The hoofd calculator method permissions --> >> > <method-permission> >> > <description>The permissions of the hoofd calculator >> > role</description> >> > <role-name>hoofd_calculator</role-name> >> > <method> >> > <description>The permissions for the klant entity bean >> > remote</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Remote</method-intf> >> > <method-name>*</method-name> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findAll</method-name> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findByKlantNaam</method-name> >> > <method-params> >> > <method-param>java.lang.String</method-param> >> > </method-params> >> > </method> >> > <method> >> > <description>A permission for the klant entity bean >> > home</description> >> > <ejb-name>Klant</ejb-name> >> > <method-intf>Home</method-intf> >> > <method-name>findByPrimaryKey</method-name> >> > <method-params> >> > <method-param>java.lang.Integer</method-param> >> > </method-params> >> > </method> >> > <method> >> > <description>The permissions for the klant session bean >> > </description> >> > <ejb-name>KlantSession</ejb-name> >> > <method-name>*</method-name> >> > </method> >> > </method-permission> >> > >> > <!-- The container transaction properties --> >> > <container-transaction> >> > <method> >> > <ejb-name>Klant</ejb-name> >> > <method-name>*</method-name> >> > </method> >> > <trans-attribute>Supports</trans-attribute> >> > </container-transaction> >> > <container-transaction> >> > <method> >> > <ejb-name>KlantSession</ejb-name> >> > <method-name>*</method-name> >> > </method> >> > <trans-attribute>Supports</trans-attribute> >> > </container-transaction> >> > >> > </assembly-descriptor> >> > >> > </ejb-jar> >> > >> > In orion-ejb-jar.xml after changes before re-start or re-deploy: >> > <?xml version="1.0"?> >> > <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise >> > JavaBeans 1.1 runtime//EN" >> > "http://www.orionserver.com/dtds/orion-ejb-jar.dtd"> >> > >> > <orion-ejb-jar deployment-version="1.2.0" >> > deployment-time="e107600659"> >> > <enterprise-beans> >> > >> > <!-- THE KLANT ENTITY --> >> > <entity-deployment name="Klant" location="kozijn/ejb/KlantHome" >> > wrapper="KlantHome_EntityHomeWrapper177" table="klanten" >> > data-source="jdbc/kozijn/KlantenDS"> >> > <primkey-mapping> >> > <cmp-field-mapping name="klantNr" persistence-name="klantNr" /> >> > >> > </primkey-mapping> >> > <cmp-field-mapping name="klantNaam" persistence-name="klantNaam" >> > /> >> > <cmp-field-mapping name="klantAdres" >> > persistence-name="klantAdres" /> >> > <cmp-field-mapping name="klantPostcode" >> > persistence-name="klantPostcode" /> >> > <cmp-field-mapping name="klantPlaats" >> > persistence-name="klantPlaats" /> >> > <cmp-field-mapping name="klantLand" persistence-name="klantLand" >> > /> >> > <cmp-field-mapping name="klantTelefoon" >> > persistence-name="klantTelefoon" /> >> > <cmp-field-mapping name="klantContactPersoon" >> > persistence-name="klantContactPersoon" /> >> > <finder-method query=""> >> > <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam, >> > klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats, >> > klanten.klantLand, klanten.klantTelefoon, >> > klanten.klantContactPersoon from klanten" --> >> > <method> >> > <ejb-name>Klant</ejb-name> >> > <method-name>findAll</method-name> >> > <method-params> >> > </method-params> >> > </method> >> > </finder-method> >> > <finder-method query="$klantNaam = $1"> >> > <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam, >> > klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats, >> > klanten.klantLand, klanten.klantTelefoon, >> > klanten.klantContactPersoon from klanten where klanten.klantNaam = >> > ?" --> >> > <method> >> > <ejb-name>Klant</ejb-name> >> > <method-name>findByKlantNaam</method-name> >> > <method-params> >> > <method-param>java.lang.String</method-param> >> > </method-params> >> > </method> >> > </finder-method> >> > </entity-deployment> >> > >> > <!-- THE KLANTSESSION BEAN --> >> > <session-deployment name="KlantSession" >> > location="kozijn/ejb/KlantSession" >> > wrapper="KlantSessionHome_StatelessSessionHomeWrapper175" >> > timeout="3600" persistence-filename="KlantSession"> >> > <ejb-ref-mapping name="kozijn/ejb/KlantHome" /> >> > </session-deployment> >> > </enterprise-beans> >> > >> > <assembly-descriptor> >> > >> > <!-- THE ROLE-GROUP MAPPINGS --> >> > <security-role-mapping name="calculator"> >> > <group name="calculatoren" /> >> > </security-role-mapping> >> > <security-role-mapping name="hoofd_calculator"> >> > <group name="hoofd-calculatoren" /> >> > </security-role-mapping> >> > <security-role-mapping name="werkvoorbereiding"> >> > <group name="werkvoorbereidingen" /> >> > </security-role-mapping> >> > >> > <!-- THE DEFAULT METHOD ACCESS --> >> > <default-method-access> >> > <security-role-mapping> >> > <group name="administrators" /> >> > </security-role-mapping> >> > </default-method-access> >> > </assembly-descriptor> >> > </orion-ejb-jar> >> > >> > orion-ejb-jar.xml after re-start or re-deploy: >> > <?xml version="1.0"?> >> > <!DOCTYPE orion-ejb-jar PUBLIC "-//Evermind//DTD Enterprise >> > JavaBeans 1.1 runtime//EN" >> > "http://www.orionserver.com/dtds/orion-ejb-jar.dtd"> >> > >> > <orion-ejb-jar deployment-version="1.2.0" >> > deployment-time="e107600659"> >> > <enterprise-beans> >> > >> > <!-- THE KLANT ENTITY --> >> > <entity-deployment name="Klant" location="kozijn/ejb/KlantHome" >> > wrapper="KlantHome_EntityHomeWrapper177" table="klanten" >> > data-source="jdbc/kozijn/KlantenDS"> >> > <primkey-mapping> >> > <cmp-field-mapping name="klantNr" persistence-name="klantNr" /> >> > >> > </primkey-mapping> >> > <cmp-field-mapping name="klantNaam" persistence-name="klantNaam" >> > /> >> > <cmp-field-mapping name="klantAdres" >> > persistence-name="klantAdres" /> >> > <cmp-field-mapping name="klantPostcode" >> > persistence-name="klantPostcode" /> >> > <cmp-field-mapping name="klantPlaats" >> > persistence-name="klantPlaats" /> >> > <cmp-field-mapping name="klantLand" persistence-name="klantLand" >> > /> >> > <cmp-field-mapping name="klantTelefoon" >> > persistence-name="klantTelefoon" /> >> > <cmp-field-mapping name="klantContactPersoon" >> > persistence-name="klantContactPersoon" /> >> > <finder-method query=""> >> > <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam, >> > klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats, >> > klanten.klantLand, klanten.klantTelefoon, >> > klanten.klantContactPersoon from klanten" --> >> > <method> >> > <ejb-name>Klant</ejb-name> >> > <method-name>findAll</method-name> >> > <method-params> >> > </method-params> >> > </method> >> > </finder-method> >> > <finder-method query="$klantNaam = $1"> >> > <!-- Generated SQL: "select klanten.klantNr, klanten.klantNaam, >> > klanten.klantAdres, klanten.klantPostcode, klanten.klantPlaats, >> > klanten.klantLand, klanten.klantTelefoon, >> > klanten.klantContactPersoon from klanten where klanten.klantNaam = >> > ?" --> >> > <method> >> > <ejb-name>Klant</ejb-name> >> > <method-name>findByKlantNaam</method-name> >> > <method-params> >> > <method-param>java.lang.String</method-param> >> > </method-params> >> > </method> >> > </finder-method> >> > </entity-deployment> >> > >> > <!-- THE KLANTSESSION BEAN --> >> > <session-deployment name="KlantSession" >> > location="kozijn/ejb/KlantSession" >> > wrapper="KlantSessionHome_StatelessSessionHomeWrapper175" >> > timeout="3600" persistence-filename="KlantSession"> >> > <ejb-ref-mapping name="kozijn/ejb/KlantHome" /> >> > </session-deployment> >> > </enterprise-beans> >> > >> > <assembly-descriptor> >> > >> > <!-- THE ROLE-GROUP MAPPINGS --> >> > <security-role-mapping name="calculator"> >> > <group name="" /> >> > </security-role-mapping> >> > <security-role-mapping name=""> >> > <group name="hoofd-calculatoren" /> >> > </security-role-mapping> >> > <security-role-mapping name=""> >> > <group name="werkvoorbereidingen" /> >> > </security-role-mapping> >> > >> > <!-- THE DEFAULT METHOD ACCESS --> >> > <default-method-access> >> > <security-role-mapping> >> > <group name="administrators" /> >> > </security-role-mapping> >> > </default-method-access> >> > </assembly-descriptor> >> > </orion-ejb-jar> >> > >>
begin:vcard n:Smith;Dave tel;cell:+44 797 0008867 tel;work:+44 1225 445610 x-mozilla-html:FALSE adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] fn:Dave Smith end:vcard