Hi, I cannot override security annotations in OpenEJB3 (the same concerns OpenEJB3.1). In the following example I cannot call createStudent with role SysAdmin. When I remove security annotation I can call createStudent only with role SysAdmin. That means that I can set method permissions in ejb-jar.xml but not override them.
--LOG-- INFO: The transaction has been marked rollback only because the bean encountered a non-application exception :javax.ejb.EJBAccessException : Unauthorized Access by Principal Denied --LOG-- Is something wrong with my code or with OpenEjb? Can you help me to solve this problem? I use OpenEjb for unit testing. Application is deployed on Glassfish server and method permissions are correctly set there. --EJB-- @RolesAllowed({"StudentAdmin"}) public void createStudent.... --sun-ejb.jar-- <assembly-descriptor> <security-role> <role-name>SysAdmin</role-name> </security-role> <method-permission> <role-name>SysAdmin</role-name> <method> <ejb-name>StudentEndpoint</ejb-name> <method-name>createStudent</method-name> </method> </method-permission> Thanks in advance -- Marcin Kwapisz Division of Computer Networks Technical Univeristy of Lodz, Poland