Hello,
After many time spent in trying to implement a demo J2EE application with
security, I discovered a bug in the mapping between role and user/group
process.
My demo app is composed of 2 HTML pages (index.html/login.html), 1 servlet
and 1 session EJB. Only one role (adsoft) is used and
(194.230.192.154) by freesurfmail.sunrise.ch (
5.1.034) id 39BDF3DE00091C8E for [EMAIL PROTECTED]; Mon,
18 Sep 2000 14:38:19 +0200
Reply-to: "Orion-Interest" [EMAIL PROTECTED]
From: "Denis Jaccard" [EMAIL PROTECTED]
To: "Orion-Interest" [EMAIL PROTECTED]
Subject: Security Rol
Hi Denis,
Yes! Thank you! I have reported this problem several times myself (before
bugzilla). I found that if you change your ejb-jar.xml file to
(incorrectly) use the GROUP name instead of the ROLE name, then access is
granted.
However, the behaviour also depends on where you specify the