I have a EmployeeApplication session bean with ejb-ref to EmployeeEntity bean which is a BMP bean.
EmployeeApplicationBean has security-identity defined as
<security-identity>
<run-as>
<role-name>InternalUser</role-name>
</run-as>
</security-identity>
Method permission for InternalUser is defined as
<method-permission>
<role-name>InternalUser</role-name>
<ejb-name>EmployeeEntity</ejb-name>
<method-name>*</method-name>
</method-permission>
when EmployeeApplication bean calls method on EmployeeEntity bean, all method calls from the Remote interface gives
java.lang.SecurityException: Insufficient method permissions, principal=abcd, method=getEmpId, interface=REMOTE, requiredRol
es=[InternalUser], principalRoles=[Manager]
user abcd is assigned manager role and given all method permission on EmployeeApplication bean.
** There are no exception thrown when EmployeeApplication bean calls create and finder methods on the referenced EmployeeEntity bean.
Any help highly solicited
Thanks,
Mani.