Hello
I would like to allow an external user to have access to some EJB methods.
I have successfully set all the security constraints, however
the only way I have found to get my client app to work is with the
following entry in principals.xml:
<principals>
  <groups>
    <group name="RemoteAccess">
      <description>RemoteAccess</description>
      <permission name="administration" />
    </group>
  </groups>
  <users>
    <user username="remote" password="access">
      <description>Remote Access Group</description>
      <group-membership group="RemoteAccess" />
    </user>
  </users>
</principals>
The problem is that the line
<permission name="administration" />
in the <groups> tag gives too much privilege to the remote user,
for example, the remote user can shut down the server.
If I remove this line, there is a security exception thrown.
I have not found a setting that will allow the user to have access to
an EJB method, but not access to server commands.
Does anyone know of other permission names?
Thank You
Doug Graesser
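
An added example, not part of the original post: a small audit that resolves each user's group memberships in a principals.xml like the one above and reports who ends up holding the "administration" permission. It relies only on the element and attribute names shown in the post; the "orphan" user and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's principals.xml plus one hypothetical
# user ("orphan") that references a group that is not defined.
SAMPLE = """<principals>
  <groups>
    <group name="RemoteAccess">
      <description>RemoteAccess</description>
      <permission name="administration" />
    </group>
  </groups>
  <users>
    <user username="remote" password="access">
      <description>Remote Access Group</description>
      <group-membership group="RemoteAccess" />
    </user>
    <user username="orphan" password="x">
      <group-membership group="NoSuchGroup" />
    </user>
  </users>
</principals>"""

def effective_permissions(xml_text):
    """Map each username to (permissions inherited via groups, undefined groups)."""
    root = ET.fromstring(xml_text)
    group_perms = {
        g.get("name"): {p.get("name") for p in g.findall("permission")}
        for g in root.findall("./groups/group")
    }
    result = {}
    for user in root.findall("./users/user"):
        perms, missing = set(), []
        for m in user.findall("group-membership"):
            name = m.get("group")
            if name in group_perms:
                perms |= group_perms[name]
            else:
                missing.append(name)  # membership in a group that does not exist
        result[user.get("username")] = (perms, missing)
    return result

def over_privileged(xml_text, risky=("administration",)):
    """Usernames whose group memberships grant any permission listed in `risky`."""
    return sorted(u for u, (perms, _) in effective_permissions(xml_text).items()
                  if perms & set(risky))

if __name__ == "__main__":
    for user, (perms, missing) in effective_permissions(SAMPLE).items():
        print(user, sorted(perms), "undefined groups:", missing)
    print("hold administration:", over_privileged(SAMPLE))
```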