Falk Langhammer wrote:
>
> This should mean that 'falk' is logged in and is in role 'master' and
I have verified that 'request.isUserInRole("master")==true' in the
web-tier. There must be a problem in the EJB container.
BTW
I meanwhile found a posting:
>From: Peter Delahunty
>Subject: I have solved the security problem in Orion
>Date: Wed, 15 Nov 2000 05:30:38 -0800
This posting states that more than one role accessing a method cannot be
configured. This INHO would be a severe bug and would render the J2EE
security model close to useless with Orion.
We *do* have this situation: 4 roles of 'master', 'editor', 'publisher'
and 'any'.
In another posting I found that role and group names must be equal.
In turn this means that only one group can access any bean method.
Thus, do I have to leave Orion alone when it comes to security issues?
Any bugfixes which have appeared or which are announced. I have a hard
time to believe that these basics dont func.
Bye,
Falk
--
Dr. Falk Langhammer
Living Pages Research GmbH
Holzstr. 19 D-80469 Munich, Germany
mailto:[EMAIL PROTECTED] http://www.living-pages.de
Phone +49 (89) 260 255 32 Fax +49 (89) 260 255 35
Mobil +49 (171) 79 39 667
mailto:[EMAIL PROTECTED] (urgent SMS with subject header)