Hi Jeff,

My understanding is that "guest" is the system-dependent name that Orion
uses for the concept of the unauthenticated user.  (The specs explicitly
state that the name used is system dependent, which seems a bit odd, but
never mind).  If I'm right on that, then I would not necessarily expect you
to be able to assign security roles to "guest".  However, couldn't you
achieve what you want simply by not specifying ANY security restrictions
for that one method?

Nick

At 03:05 AM 10/19/00 -0700, you wrote:
>Some variant of this has got to be one of the top five questions asked
>on this list, and it has never been answered.  I really, really, really
>need a simple answer:
> 
>How do I assign security roles to "guest"?  Is it even possible?
> 
>No matter what I put in the various principals.xml files (and believe
>me, I've tried just about everything) I can't seem to allow the
>unauthenticated user to call an EJB method.  It's driving me insane.  My
>girlfriend tells me that while sleeping I thrash about mumbilng
>"com.evermind.server.rmi.OrionRemoteException: guest is not allowed to
>call this EJB method..."  I'm not by nature a violent person, but if I
>ever meet this "guest", I'm going to reach out and throttle him :-)
> 
>I have a reasonably straightforward system which represents users as
>entity beans and allows anyone to connect to the system and create an
>account.  Thus, there must be a moment in time when the user must
>interact with the EJB system to create the entity bean *before* he or
>she can be logged in.  I want to grant "guest" access to a single method
>on a single session bean.  Why can't I seem to do this?  I can't imagine
>that this pattern has not been implemented a bazillion times already.
> 
>I was able to get everything working before by commenting all
>security-related material out of my EJBs' deployment descriptors (thus
>leaving the system wide open).  Now I'm ready to put security back into
>the system, but the web-application <runAs> tag doesn't seem to be
>implemented yet.  So I want to give a limited security role to "guest".
>Heeeeeeelp!
> 
>Thanks,
>Jeff Schnitzer
>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 


Reply via email to