Hello all.

In our project we are using EJB 2.1, and I am trying to write security tests to check that a user with a specific role is able to execute a given EJB method. After 2 days of looking through examples and docs I started them successfully, but I found strange behaviour in the security tests.

I have a test user 'user1' which has 1 role, 'Role2'. A piece of the ejb-jar.xml file:

    <method-permission>
        <role-name>Role1</role-name>
        <method>
            <ejb-name>TradeEvent</ejb-name>
            <method-name>rebuildEventMessage</method-name>
        </method>
    </method-permission>
    <method-permission>
        <role-name>Role2</role-name>
        <method>
            <ejb-name>TradeEvent</ejb-name>
            <method-name>rebuildEventMessage</method-name>
        </method>
    </method-permission>

If I run my test with this sequence of method-permission nodes, with 'Role2' declared after 'Role1', the test works fine. But if I put the method-permission for Role1 after Role2 (just changing the sequence of declaration) in ejb-jar.xml, the test fails with 'Access denied'. If I grant Role1 to the user, the test works again.

This seems like a bug to me. Only the latest declaration for the bean is working. Could anyone please suggest something?

Best regards,
Alexey Dranchuk
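An added example, not part of the original post: a descriptor check that computes the roles allowed per method as the union of all method-permission elements (the EJB specification defines the method-permission relation as that union) and lists the methods where a "last declaration wins" container would silently drop roles. The function names are hypothetical, the sample descriptor is constructed from the fragment in the post, and matching is on ejb-name and method-name only (method-intf, method-params, wildcards and unchecked are ignored).

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment in the post (Role1 first, Role2 last).
SAMPLE = """<ejb-jar><assembly-descriptor>
<method-permission><role-name>Role1</role-name>
  <method><ejb-name>TradeEvent</ejb-name><method-name>rebuildEventMessage</method-name></method>
</method-permission>
<method-permission><role-name>Role2</role-name>
  <method><ejb-name>TradeEvent</ejb-name><method-name>rebuildEventMessage</method-name></method>
</method-permission>
</assembly-descriptor></ejb-jar>"""

def local(tag):
    """Strip an XML namespace so namespaced EJB 2.1 descriptors also match."""
    return tag.rsplit("}", 1)[-1]

def permissions(xml_text):
    """Yield (roles, [(ejb, method), ...]) per method-permission, in document order."""
    root = ET.fromstring(xml_text)
    for el in (e for e in root.iter() if local(e.tag) == "method-permission"):
        roles, methods = set(), []
        for child in el:
            if local(child.tag) == "role-name":
                roles.add((child.text or "").strip())
            elif local(child.tag) == "method":
                f = {local(c.tag): (c.text or "").strip() for c in child}
                methods.append((f.get("ejb-name"), f.get("method-name")))
        yield roles, methods

def roles_by_method(xml_text, last_wins=False):
    """Union of roles per method; last_wins=True models the behaviour reported above."""
    out = {}
    for roles, methods in permissions(xml_text):
        for m in methods:
            out[m] = set(roles) if last_wins else out.get(m, set()) | roles
    return out

def order_sensitive_methods(xml_text):
    """Methods whose roles would be lost if only the last declaration applied."""
    union, last = roles_by_method(xml_text), roles_by_method(xml_text, last_wins=True)
    return {m: sorted(union[m] - last[m]) for m in union if union[m] != last[m]}

def is_allowed(xml_text, ejb, method, user_roles):
    """Expected access decision: the caller holds at least one permitted role."""
    return bool(roles_by_method(xml_text).get((ejb, method), set()) & set(user_roles))

if __name__ == "__main__":
    print(order_sensitive_methods(SAMPLE))
```

Every method this reports should get a security test per listed role, since those are the callers who would be denied if the container honoured only the final element.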