--- Jeremy Cowgar <[EMAIL PROTECTED]> wrote: > > Setting permission on class level forces xdoclet > to > > generate following entry: > > > > <method-permission > > > <description><![CDATA[description not > > supported yet by ejbdoclet]]></description> > > <role-name>admin</role-name> > > <role-name>data</role-name> > > <method > > > <description><![CDATA[description not > > supported yet by ejbdoclet]]></description> > > <ejb-name>Rider</ejb-name> > > <method-name>*</method-name> > > </method> > > </method-permission> > > > > And of course such permission matches every method > > > in your EJB. Setting permission on method > > creates yet another entry, but just for specified > > method - and does not invalidate globbed > permission. > > > > regards, > > My source code (only revelant parts of course) > /** > * .... > * @ejb.permission role-name="user" > */ > public class ......... > /** > * ........ > * @ejb.permission role-name="Hello" > */ > public PatientObjectValue getPatientObject() > ................. > > That produces: > > <method-permission> > <role-name>user</role-name> > <method> > <ejb-name>PatientEntity</ejb-name> > <method-name>*</method-name> > </method> > </method-permission> > <method-permission> > <role-name>Hello</role-name> > <method> > <ejb-name>PatientEntity</ejb-name> > > <method-name>getPatientObjectValue</method-name> > <method-params> > </method-params> > </method> > </method-permission> > > A user with only the "user" role can still run the > method > getPatientObjectValue. I am using JBoss-3.0.3 ... Is > JBoss the problem > or am I doing something incorrect?
Hmm, as honest judge I would put blame on you :) * in method name means that this permission applies to every method in your bean - also to getPatientObjectValue. But user holding role "Hello" would be able to run only this method. Roles are additive... I give universal permission only to administrative roles, which ought to be able to call everything, and then ease restrictions on some methods for those who need it ( I'm also using JBoss ) regards, ===== Konstantin Priblouda ( ko5tik ) Freelance Software developer < http://www.pribluda.de > < play java games -> http://www.yook.de > < render charts online -> http://www.pribluda.de/povray/ > __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Xdoclet-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/xdoclet-user
