This content has been marked as final.
Show 4 replies
-
1. Re: method-permission problem
darranl Apr 4, 2005 6:04 AM (in response to morenito9000)Because that is how you have configured it: -
<method-permission > <description></description> <role-name>Ips</role-name> <role-name>Aci</role-name> <role-name>Prg</role-name> <method > <description></description> <ejb-name>Modify</ejb-name> <method-name>*</method-name> </method> </method-permission>
The three roles are listed and can call any method.
You need to configure it so that 'Ips' and 'Aci' are configured to call all methods.
Then for 'Prg' you will need to add a method-permission that lists the callable methods. -
2. Re: method-permission problem
morenito9000 Apr 5, 2005 5:31 AM (in response to morenito9000)Thank you Darranl,
I followed your suggest and now everything is Ok
except one thing.
When Prg Role calls remove() on session bean
I have a SecurityException generated by JBoss.
I'm using Xdoclet to write my session bean's class
(it automatically generates ejb-jar.xml file and
bean's interfaces) and I don't find in ejb-jar.xml file
an authorization for role Prg to call remove() method.
I put this code (by hand) inside ejb-jar.xml file:<method-permission > <description></description> <role-name>Prg</role-name> <role-name>Lis</role-name> <method > <description></description> <ejb-name>Modify</ejb-name> <method-intf>Home</method-intf> <method-name>remove</method-name> <method-params> </method-params> </method> </method-permission>
and restarted JBoss, but the problem is still present.
JBoss says that remove() method is callable only
by Ips and Aci Roles.
Thank You
Moreno -
3. Re: method-permission problem
morenito9000 Apr 5, 2005 7:23 AM (in response to morenito9000)In ejb-jar.xml file I made a mistake.
The correct <method-permission> section is:<method-permission > <description></description> <role-name>Prg</role-name> <role-name>Lis</role-name> <method > <description></description> <ejb-name>Modify</ejb-name> <method-intf>Remote</method-intf> <method-name>remove</method-name> </method> </method-permission>
<method-intf> must be Remote and not Home (I need
to use remove() method of remote interface, the method
without arguments).
Last problem is : which Xdoclet tags I need to use
to generate the <method-permission> section above
described ??
Many thanks
Moreno -
4. Re: method-permission problem
gozilla Apr 5, 2005 2:39 PM (in response to morenito9000)Hi morenito9000
Something you could also have tried is to specify the wildcard permission after the other one. Order often made a difference in descriptors.
Gozilla