12 Replies Latest reply on Jun 23, 2006 1:05 PM by j2ee_junkie

    Couldn't apply method permissions to Session EJB method

    atamur

      I have an app with ejb jar and web module.
      My login-config xml is as follows:

      <application-policy name="db_store">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">
       DS/Standard
       </module-option>
       <module-option name="principalsQuery">
       SELECT usr_password FROM users WHERE usr_login = ?
       </module-option>
       <module-option name="rolesQuery">
       SELECT 'XUser', 'Roles' FROM users WHERE usr_login = ?
       </module-option>
       <module-option name="hashAlgorithm">SHA1</module-option>
       <module-option name="hashEncoding">hex</module-option>
       <module-option name="ignorePasswordCase">true</module-option>
       <module-option name="unauthenticatedIdentity">nobody</module-option>
       </login-module>
       </authentication>
       </application-policy>

      My ejb-jar xml is:
      <ejb-jar>
       <enterprise-beans>
       <session>
       <ejb-name>UserEJB</ejb-name>
       <home>user.UserHome</home>
       <remote>user.User</remote>
       <ejb-class>user.UserBean</ejb-class>
       <session-type>Stateless</session-type>
       <transaction-type>Container</transaction-type>
       <security-identity>
       <use-caller-identity/>
       </security-identity>
       </session>
      </enterprise-beans>
       <assembly-descriptor>
       <security-role>
       <role-name>XUser</role-name>
       </security-role>
       <method-permission>
       <role-name>XUser</role-name>
       <method>
       <ejb-name>UserEJB</ejb-name>
       <method-intf>Remote</method-intf>
       <method-name>addInfo</method-name>
       <method-params>
       <method-param>long</method-param>
       <method-param>int</method-param>
       </method-params>
       </method>
       </method-permission>
       <container-transaction>
       <method>
       <ejb-name>UserEJB</ejb-name>
       <method-intf>Remote</method-intf>
       <method-name>addInfo</method-name>
       <method-params>
       <method-param>long</method-param>
       <method-param>int</method-param>
       </method-params>
       </method>
       <trans-attribute>Required</trans-attribute>
       </container-transaction>
       </assembly-descriptor>
      </ejb-jar>

      and, finally, my jboss.xml in jar is:
      <jboss>
       <security-domain>java:/jaas/db_store</security-domain>
       <enterprise-beans>
       <session>
       <ejb-name>UserEJB</ejb-name>
       <jndi-name>ejb/UserEJB</jndi-name>
       </session>
       </enterprise-beans>
      </jboss>

      Now I'm trying to call method addInfo from servlet with not logged in user and it works without any exception.
      Debugger told me that in SecurityInterceptor
      methodRoles.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL)
      is true.

      What am I doing wrong?

      Oh! And I'm getting bean instance like this:
      protected User getUserBean() throws Exception {
       Context initial;
       User user;
       try {
       initial = new InitialContext();
       Object objref = initial.lookup("ejb/UserEJB");
       UserHome home = (UserHome) PortableRemoteObject.narrow(objref, UserHome.class);
       user = home.create();
       } catch (Exception e) {
       log.error("exception while creating user ejb", e);
       throw e;
       }
       return user;
       }


        • 1. Re: Couldn't apply method permissions to Session EJB method
          j2ee_junkie

          atamur,

          Can you provide some trace logging of jboss security at the point where the calls to addInfo is being made.

          thanks, cgriffith

          • 2. Re: Couldn't apply method permissions to Session EJB method
            atamur

            There is no tracing. Here is part of my log. Settings for log4j were :

            <category name="org.jboss.security">
             <priority value="TRACE" class="org.jboss.logging.XLevel"/>
            </category>
            <category name="org.jboss.web.tomcat.security">
             <priority value="TRACE" class="org.jboss.logging.XLevel"/>
            </category>
            <category name="org.apache.catalina">
             <priority value="DEBUG"/>
            </category>
            
            (I took them from FAQ)

            So here is the listing:
            [2006-06-22 08:34:59,250] Module debug: Module is deployed successfully.
            20:35:06,562 DEBUG [CoyoteAdapter] Requested cookie session id is 5617FDDF0016EEFF73E00F8E0CCB0C3A
            20:35:06,562 DEBUG [AuthenticatorBase] Security checking request POST /dwr/plainjs/UserAjax.addInfo.dwr
            20:35:06,562 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[Restricted, Restricted, Restricted, Restricted, Restricted]' against POST
            
            /dwr/plainjs/UserAjax.addInfo.dwr --> false
            20:35:06,562 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[Restricted, Restricted, Restricted, Restricted, Restricted]' against POST
            
            /dwr/plainjs/UserAjax.addInfo.dwr --> false
            20:35:06,562 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[Restricted, Restricted, Restricted, Restricted, Restricted]' against POST
            
            /dwr/plainjs/UserAjax.addInfoce.dwr --> false
            20:35:06,562 DEBUG [RealmBase] Checking constraint 'SecurityConstraint[Restricted, Restricted, Restricted, Restricted, Restricted]' against POST
            
            /dwr/plainjs/UserAjax.addInfo.dwr --> false
            20:35:06,562 DEBUG [RealmBase] No applicable constraint located
            20:35:06,562 DEBUG [AuthenticatorBase] Not subject to any constraint
            20:35:06,562 DEBUG [StandardWrapper] Allocating non-STM instance
            20:35:06,578 INFO [Logger] Logging using commons-logging.
            20:35:06,578 INFO [DwrServlet] DWR Version 2.0.M2 starting.
            20:35:06,828 INFO [HibernateBeanConverter] Found Hibernate3 class: org.hibernate.Hibernate
            20:35:07,187 INFO [DefaultConverterManager] Type 'org.jdom.Document' is not convertable due to missing converter 'jdom'. This is only an problem if you
            
            wanted to use it.
            20:35:07,187 INFO [DefaultConverterManager] Type 'org.jdom.Element' is not convertable due to missing converter 'jdom'. This is only an problem if you
            
            wanted to use it.
            20:35:07,218 DEBUG [StandardWrapper] Returning non-STM instance
            20:35:07,250 INFO [DefaultRemoter] Exec: UserAjax.addInfo()
            20:35:07,250 DEBUG [UserAjax] Setting info...
            20:35:07,281 ERROR [UserOracleDAO] couldn't find login
            ejb.common.NoSuchLoginException: User with following login not found, login='nobody'
             at user.UserOracleDAO.getUserIDByLogin(UserOracleDAO.java:1066)
             at user.UserOracleDAO.getUserIDByPrincipal(UserOracleDAO.java:1045)
             at ejb.main.user.UserBean.getCurrentUserID(UserBean.java:47)
             at ejb.main.user.UserBean.getInfo(UserBean.java:298)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
             at java.lang.reflect.Method.invoke(Unknown Source)
             at org.jboss.invocation.Invocation.performCall(Invocation.java:345)
             at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:214)
             at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:149)
             at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:154)
             at org.jboss.webservice.server.ServiceEndpointInterceptor.invoke(ServiceEndpointInterceptor.java:54)
             at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:48)
             at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:106)
             at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:363)
             at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:166)
             at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:153)
             at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
             at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
             at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
             at org.jboss.ejb.Container.invoke(Container.java:873)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
             at java.lang.reflect.Method.invoke(Unknown Source)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
             at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:155)
             at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:104)
             at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:179)
             at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:165)
             at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
             at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
             at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:97)
             at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:86)
             at $Proxy83.getInfo(Unknown Source)
             at user.UserAjax.addInfo(UserAjax.java:39)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
             at java.lang.reflect.Method.invoke(Unknown Source)
             at org.directwebremoting.impl.ExecuteAjaxFilter.doFilter(ExecuteAjaxFilter.java:34)
             at org.directwebremoting.impl.DefaultRemoter$1.doFilter(DefaultRemoter.java:310)
             at org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:313)
             at org.directwebremoting.impl.DefaultRemoter.execute(DefaultRemoter.java:172)
             at org.directwebremoting.servlet.UrlProcessor.handle(UrlProcessor.java:130)
             at org.directwebremoting.servlet.DwrServlet.doPost(DwrServlet.java:188)
             at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
             at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
             at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
             at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
             at servlets.RuFilter.doFilter(RuFilter.java:47)
             at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
             at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
             at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
             at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
             at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
             at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
             at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
             at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
             at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
             at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
             at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
             at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
             at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
             at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
             at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
             at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
             at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
             at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
             at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
             at java.lang.Thread.run(Unknown Source)

            Well, really it was getInfo method that wasn't tested correctly ...
            But whatever, its xml is just the same:
            <method-permission>
             <role-name>XUser</role-name>
             <method>
             <ejb-name>UserEJB</ejb-name>
             <method-intf>Remote</method-intf>
             <method-name>getInfo</method-name>
             <method-params>
             <method-param>long</method-param>
             </method-params>
             </method>
             </method-permission>
             <container-transaction>
             <method>
             <ejb-name>UserEJB</ejb-name>
             <method-intf>Remote</method-intf>
             <method-name>getInfo</method-name>
             <method-params>
             <method-param>long</method-param>
             </method-params>
             </method>
             <trans-attribute>Supports</trans-attribute>
             </container-transaction>


            DWR is an AJAX framework. It's url isn't put into web restricted zone intentionally to test EJB security.

            Any other info needed?


            • 3. Re: Couldn't apply method permissions to Session EJB method
              j2ee_junkie

              It would be extremely useful to get the trace logging from JBoss' security layer. Without that I can only guess what is going on. My guess is that a null username and password is getting passed to DatabaseServerLoginModule, since you have not authenticated the web session. Since the username and password are null, the DSLM is assigning the principal = 'nobody'. However, I am not sure what role is getting assigned. That is why I need to see logging.

              Also, If you are not going to authenticate at the web layer, what is your plan for authenticate/authorize at the EJB level?

              cgriffith

              • 4. Re: Couldn't apply method permissions to Session EJB method
                atamur

                It's not than I'm not going to authenticate user at web layer. Of course I will authenticate him. But I can forget something and leave a possibility for user/hacker to call my business method without authentication. That would be really bad. So now I'm trying to test this declarative permission setting and it doesn't work for me =(

                After debugging I came to the same conclusion: anauthenticated user is assigned principal 'nobody'. But he isn't in role XUser, so theoretically he shouldn't be able to call method getInfo ...


                Here is listing with tracing turned on:

                10:05:46,792 DEBUG [UserAjax] Setting Info ...
                10:05:46,792 TRACE [SecurityAssociation] getPrincipal, principal=null
                10:05:46,792 TRACE [LogInterceptor] Start method=create
                10:05:46,792 TRACE [db_store] Begin isValid, principal:null, cache info: null
                10:05:46,792 TRACE [db_store] defaultLogin, principal=null
                10:05:46,792 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(db_store), size=9
                10:05:46,792 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(db_store), authInfo=AppConfigurationEntry[]:
                [0]
                LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
                ControlFlag: LoginModuleControlFlag: required
                Options:name=hashEncoding, value=hex
                name=rolesQuery, value=SELECT 'XUser', 'Roles' FROM users WHERE usr_login = ?
                name=principalsQuery, value=SELECT usr_password FROM users WHERE usr_login = ?
                name=unauthenticatedIdentity, value=nobody
                name=hashAlgorithm, value=SHA1
                name=ignorePasswordCase, value=true
                name=dsJndiName, value=DS/Standard
                
                10:05:46,792 TRACE [DatabaseServerLoginModule] initialize, instance=@15500446
                10:05:46,792 TRACE [DatabaseServerLoginModule] Saw unauthenticatedIdentity=nobody
                10:05:46,792 TRACE [DatabaseServerLoginModule] Password hashing activated: algorithm = SHA1, encoding = hex, charset = {default}, callback = null, storeCallback = null
                10:05:46,792 TRACE [DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=DS/Standard
                10:05:46,792 TRACE [DatabaseServerLoginModule] principalsQuery=SELECT usr_password FROM users WHERE usr_login = ?
                10:05:46,792 TRACE [DatabaseServerLoginModule] rolesQuery=SELECT 'XUser', 'Roles' FROM users WHERE usr_login = ?
                10:05:46,792 TRACE [DatabaseServerLoginModule] suspendResume=true
                10:05:46,792 TRACE [DatabaseServerLoginModule] login
                10:05:46,792 TRACE [DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=nobody
                10:05:46,792 TRACE [DatabaseServerLoginModule] User 'nobody' authenticated, loginOk=true
                10:05:46,792 TRACE [DatabaseServerLoginModule] commit, loginOk=true
                10:05:46,792 TRACE [db_store] defaultLogin, lc=javax.security.auth.login.LoginContext@155e0bc, subject=Subject(18178978).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members))
                10:05:46,792 TRACE [db_store] updateCache, inputSubject=Subject(18178978).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members)), cacheSubject=Subject(20991057).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members))
                10:05:46,792 TRACE [db_store] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5292e6[Subject(20991057).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members)),credential.class=null,expirationTime=1151044507027]
                10:05:46,792 TRACE [db_store] End isValid, true
                10:05:46,792 TRACE [SecurityAssociation] pushSubjectContext, subject=Subject:
                 Principal: nobody
                 Principal: Roles(members)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@12a6e85{principal=null,subject=12450318}
                10:05:46,792 TRACE [SecurityInterceptor] Authenticated principal=null
                10:05:46,792 TRACE [SecurityInterceptor] method=public abstract ru.singlecity.ejb.main.user.User ru.singlecity.ejb.main.user.UserHome.create() throws java.rmi.RemoteException,javax.ejb.CreateException, interface=HOME, requiredRoles=[<ANYBODY>]
                10:05:46,792 TRACE [SecurityAssociation] pushRunAsIdentity, runAs=null
                10:05:46,792 TRACE [TxInterceptorCMT] Current transaction in MI is null
                10:05:46,792 TRACE [TxInterceptorCMT] TX_REQUIRED for create timeout=0
                10:05:46,792 TRACE [TxInterceptorCMT] Thread came in with tx null
                10:05:46,792 TRACE [TxInterceptorCMT] Starting new tx TransactionImpl:XidImpl[FormatId=257, GlobalId=RUMATA/21, BranchQual=, localId=21]
                10:05:46,807 TRACE [StatelessSessionInstancePool] Get instance org.jboss.ejb.plugins.StatelessSessionInstancePool@6bcf5d#0#class ru.singlecity.ejb.main.user.UserBean
                10:05:46,823 TRACE [StatelessSessionInstancePool] 0/100 Free instance:org.jboss.ejb.plugins.StatelessSessionInstancePool@6bcf5d#null#null#true#class ru.singlecity.ejb.main.user.UserBean
                10:05:46,823 TRACE [TxInterceptorCMT] TxInterceptorCMT: In finally
                10:05:46,823 TRACE [SecurityAssociation] popRunAsIdentity, runAs=null
                10:05:46,823 TRACE [SecurityAssociation] popSubjectContext, sc=org.jboss.security.SecurityAssociation$SubjectContext@12a6e85{principal=null,subject=12450318}
                10:05:46,823 TRACE [LogInterceptor] End method=create
                10:05:46,823 TRACE [SecurityAssociation] getPrincipal, principal=null
                10:05:46,823 TRACE [LogInterceptor] Start method=getInfo
                10:05:46,823 TRACE [db_store] Begin isValid, principal:null, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5292e6[Subject(20991057).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members)),credential.class=null,expirationTime=1151044507027]
                10:05:46,823 TRACE [db_store] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5292e6[Subject(20991057).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members)),credential.class=null,expirationTime=1151044507027];credential.class=null
                10:05:46,823 TRACE [db_store] End validateCache, isValid=true
                10:05:46,823 TRACE [db_store] End isValid, true
                10:05:46,823 TRACE [SecurityAssociation] pushSubjectContext, subject=Subject:
                 Principal: nobody
                 Principal: Roles(members)
                , sc=org.jboss.security.SecurityAssociation$SubjectContext@139d369{principal=null,subject=23507167}
                10:05:46,823 TRACE [SecurityInterceptor] Authenticated principal=null
                10:05:46,823 TRACE [SecurityInterceptor] method=public abstract ru.singlecity.ejb.common.entity.user.UserInfoEntity ru.singlecity.ejb.main.user.User.getInfo(long) throws java.rmi.RemoteException, interface=REMOTE, requiredRoles=[<ANYBODY>]
                10:05:46,823 TRACE [SecurityAssociation] pushRunAsIdentity, runAs=null
                10:05:46,823 TRACE [TxInterceptorCMT] Current transaction in MI is null
                10:05:46,823 TRACE [TxInterceptorCMT] TX_SUPPORTS for getInfo
                10:05:46,823 TRACE [TxInterceptorCMT] Thread came in with tx null
                10:05:46,823 TRACE [StatelessSessionInstancePool] Get instance org.jboss.ejb.plugins.StatelessSessionInstancePool@6bcf5d#1#class ejb.main.user.UserBean
                10:05:46,823 TRACE [db_store] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5292e6[Subject(20991057).principals=org.jboss.security.SimplePrincipal@7173558(nobody)org.jboss.security.SimpleGroup@25881278(Roles(members)),credential.class=null,expirationTime=1151044507027]
                10:05:46,823 ERROR [UserOracleDAO] couldn't find login
                ejb.common.NoSuchLoginException: User with following login not found, login='nobody'
                 at dao.user.UserOracleDAO.getUserIDByLogin(UserOracleDAO.java:1066)
                 ......


                • 5. Re: Couldn't apply method permissions to Session EJB method
                  j2ee_junkie

                  Atamur,

                  Thank you for your details. The logs say it all. Here is the problem


                  10:05:46,823 TRACE [SecurityInterceptor] method=public abstract ru.singlecity.ejb.common.entity.user
                  .UserInfoEntity ru.singlecity.ejb.main.user.User.getInfo(long) throws java.rmi.RemoteException, inte
                  rface=REMOTE, requiredRoles=[<ANYBODY>]

                  However, I am not sure of why the problem exists. Your User bean is configured to let any authenticated user with any role access the getInfo method. This is of course not what you want. Please provide a new (complete) version of your ejb-jar.xml and the remote interface (just the getInfo()) files for review .

                  thanks, cgriffith

                  • 6. Re: Couldn't apply method permissions to Session EJB method
                    atamur

                    Thanks for your replies!

                    Something strange is going on.
                    When I tried to remove all other beans and methods from ejb-jar.xml (to make it smaller to post it here) getInfo suddenly started working correctly.
                    When I reverted file - stopped.

                    I can post here all the ejb-jar.xml but it's ~2000 lines long. Should I post? Maybe you have ideas about what's going on?

                    • 7. Re: Couldn't apply method permissions to Session EJB method
                      j2ee_junkie

                      I would just scrutinize your ejb-jar.xml file against the schema. If you hand edit, make sure all elements are correct and in correct order. You may also try trace logging on the deployer to see what is happening at deploy time. I think you are on the way to getting this solved.

                      later, cgriffith

                      • 8. Re: Couldn't apply method permissions to Session EJB method
                        atamur

                        Well, this file wasn't written by hand =)
                        My IDE believes everything is ok with scheme.

                        I feel that I'm missing smthng important ...

                        Here is the file =)

                        <?xml version="1.0" encoding="UTF-8"?>
                        <!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN' 'http://java.sun.com/dtd/ejb-jar_2_0.dtd'>
                        <ejb-jar>
                         <enterprise-beans>
                         <session>
                         <ejb-name>OrderEJB</ejb-name>
                         <home>ejb.main.order.OrderHome</home>
                         <remote>ejb.main.order.Order</remote>
                         <ejb-class>ejb.main.order.OrderBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         <env-entry>
                         <env-entry-name>param/OrderDAOClass</env-entry-name>
                         <env-entry-type>java.lang.String</env-entry-type>
                         <env-entry-value>dao.order.OrderOracleDAO</env-entry-value>
                         </env-entry>
                         </session>
                         <session>
                         <ejb-name>RaceControllerEJB</ejb-name>
                         <home>ejb.main.raceleader.RaceControllerHome</home>
                         <remote>ejb.main.raceleader.RaceController</remote>
                         <ejb-class>ejb.main.raceleader.RaceControllerBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <session>
                         <ejb-name>BlogEJB</ejb-name>
                         <home>ejb.main.blog.BlogHome</home>
                         <remote>ejb.main.blog.Blog</remote>
                         <ejb-class>ejb.main.blog.BlogBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <session>
                         <ejb-name>ChatEJB</ejb-name>
                         <home>ejb.main.chat.ChatHome</home>
                         <remote>ejb.main.chat.Chat</remote>
                         <ejb-class>ejb.main.chat.ChatBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <session>
                         <ejb-name>UserEJB</ejb-name>
                         <home>ejb.main.user.UserHome</home>
                         <remote>ejb.main.user.User</remote>
                         <ejb-class>ejb.main.user.UserBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         <security-identity>
                         <use-caller-identity/>
                         </security-identity>
                         </session>
                         <session>
                         <ejb-name>GalleryEJB</ejb-name>
                         <home>ejb.main.gallery.GalleryHome</home>
                         <remote>ejb.main.gallery.Gallery</remote>
                         <ejb-class>ejb.main.gallery.GalleryBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <session>
                         <ejb-name>PlanEJB</ejb-name>
                         <home>ejb.main.plan.PlanHome</home>
                         <remote>ejb.main.plan.Plan</remote>
                         <ejb-class>ejb.main.plan.PlanBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <session>
                         <ejb-name>SearchEJB</ejb-name>
                         <home>ejb.main.search.SearchHome</home>
                         <remote>ejb.main.search.Search</remote>
                         <ejb-class>ejb.main.search.SearchBean</ejb-class>
                         <session-type>Stateless</session-type>
                         <transaction-type>Container</transaction-type>
                         </session>
                         <entity>
                         <ejb-name>RaceUserEJB</ejb-name>
                         <local-home>ejb.main.raceleader.LocalRaceUserHome</local-home>
                         <local>ejb.main.raceleader.LocalRaceUser</local>
                         <ejb-class>ejb.main.raceleader.RaceUserBean</ejb-class>
                         <persistence-type>Container</persistence-type>
                         <prim-key-class>java.lang.Long</prim-key-class>
                         <reentrant>False</reentrant>
                         <cmp-version>2.x</cmp-version>
                         <abstract-schema-name>RaceUser</abstract-schema-name>
                         <cmp-field>
                         <field-name>usrID</field-name>
                         </cmp-field>
                         <cmp-field>
                         <field-name>stakeNum</field-name>
                         </cmp-field>
                         <cmp-field>
                         <field-name>lastStakeDate</field-name>
                         </cmp-field>
                         <cmp-field>
                         <field-name>sysID</field-name>
                         </cmp-field>
                         <primkey-field>usrID</primkey-field>
                        
                         <query>
                         <query-method>
                         <method-name>findTopList</method-name>
                         <method-params>
                         <method-param>java.lang.Integer</method-param>
                         </method-params>
                         </query-method>
                         <ejb-ql></ejb-ql>
                         </query>
                        
                         </entity>
                         </enterprise-beans>
                         <assembly-descriptor>
                         <security-role>
                         <role-name>XUser</role-name>
                         </security-role>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addComment</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addRecord</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>delComment</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>delRecord</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>accept</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>invite</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>reject</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>close</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>sendMessage</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCallOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRaceOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getSMSOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>clearCurrentUserInterview</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllCurrentUserInterviews</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllInterviews</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserForm</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserFormCategory</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserInterview</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserPortrait</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveInterview</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.interview.UserInterview</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>savePortrait</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.portrait.Portrait</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveUserFormCategory</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.user.UserFormCategory</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>toggleCurrentUserFormCategory</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>boolean</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAccountInformation</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecord</method-name>
                         <method-params>
                         <method-param>java.util.Date</method-param>
                         <method-param>java.util.Date</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>editPhoto</method-name>
                         <method-params>
                         <method-param>org.apache.struts.validator.DynaValidatorForm</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getLatestOrderNumber</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserImageByOrder</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>makeDefault</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>rotatePhoto</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveUserImage</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.photo.UserImage</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>deletePlan</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>deletePlans</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlan</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveOrUpdatePlan</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.plan.PlanEntity</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlans</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getMeeting</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveMeeting</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.plan.MeetingEntity</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecords</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecord</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getComments</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>editRecord</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getVoiceListenOrderCode</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getVoiceAddOrderCode</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>SearchEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addInfo</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getInfo</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getInfos</method-name>
                         <method-params>
                         <method-param>java.lang.Long[]</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserEntity</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addUser</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.Integer</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>checkEmailUniqueness</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>checkLoginUniqueness</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>confirmRegistration</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getInterview</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPortrait</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserEntity</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserForm</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserFormCategory</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserFullEntity</method-name>
                         <method-params>
                         <method-param>java.lang.Long[]</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserIdByLogin</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>SearchEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>simpleSearch</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.search.SimpleSearchCriteria</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>SearchEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getMeetingCategories</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlanCategories</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserImageByOrder</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getFirstPhotoIn</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCategories</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllPhotos</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllPhotos</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>deletePhoto</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addPhoto</method-name>
                         <method-params>
                         <method-param>org.apache.struts.upload.FormFile</method-param>
                         <method-param>int</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addLocalPhoto</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>*</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>*</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-name>*</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecordOwnerID</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>updateOnlineInfo</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <role-name>XUser</role-name>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRatingOrderCode</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getByOrdCode</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>*</method-name>
                         </method>
                         </method-permission>
                         <method-permission>
                         <unchecked/>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Home</method-intf>
                         <method-name>create</method-name>
                         </method>
                         </method-permission>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addUser</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.Integer</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>confirmRegistration</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addComment</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addRecord</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>delComment</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>delRecord</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecords</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>accept</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>close</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>invite</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>reject</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>sendMessage</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>ChatEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>*</method-name>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getByOrdCode</method-name>
                         <method-params>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCallOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRaceOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>OrderEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getSMSOrderCode</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>BlogEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecord</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserForm</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserFormCategory</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserInterview</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserPortrait</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getInterview</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPortrait</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserForm</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserFormCategory</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveInterview</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.interview.UserInterview</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>savePortrait</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.portrait.Portrait</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveUserFormCategory</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.user.UserFormCategory</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>toggleCurrentUserFormCategory</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>boolean</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllInterviews</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllCurrentUserInterviews</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAccountInformation</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>UserEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getRecord</method-name>
                         <method-params>
                         <method-param>java.util.Date</method-param>
                         <method-param>java.util.Date</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addLocalPhoto</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         <method-param>int</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>addPhoto</method-name>
                         <method-params>
                         <method-param>org.apache.struts.upload.FormFile</method-param>
                         <method-param>int</method-param>
                         <method-param>java.lang.String</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>editPhoto</method-name>
                         <method-params>
                         <method-param>org.apache.struts.validator.DynaValidatorForm</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getAllPhotos</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCategories</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getCurrentUserID</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getLatestOrderNumber</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getUserImageByOrder</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>makeDefault</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>rotatePhoto</method-name>
                         <method-params>
                         <method-param>int</method-param>
                         <method-param>int</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>GalleryEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveUserImage</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.photo.UserImage</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>RequiresNew</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>deletePlan</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>deletePlans</method-name>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlan</method-name>
                         <method-params>
                         <method-param>long</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlanCategories</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getPlans</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>saveOrUpdatePlan</method-name>
                         <method-params>
                         <method-param>ejb.common.entity.plan.PlanEntity</method-param>
                         </method-params>
                         </method>
                         <trans-attribute>Required</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getMeeting</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>getMeetingCategories</method-name>
                         </method>
                         <trans-attribute>Supports</trans-attribute>
                         </container-transaction>
                         <container-transaction>
                         <method>
                         <ejb-name>PlanEJB</ejb-name>
                         <method-intf>Remote</method-intf>
                         <method-name>checkPlanAccess</method-name>
                         <method-params>
                         <method-param>long</metho


                        • 9. Re: Couldn't apply method permissions to Session EJB method
                          atamur

                          Ooops.
                          It got truncated.

                          Here is downloadable version: http://slil.ru/22867564

                          • 10. Re: Couldn't apply method permissions to Session EJB method
                            j2ee_junkie

                            I think this might by your problem...

                             <method-permission>
                             <unchecked/>
                             <method>
                             <ejb-name>UserEJB</ejb-name>
                             <method-intf>Remote</method-intf>
                             <method-name>*</method-name>
                             </method>
                             </method-permission>
                            


                            cgriffith

                            • 11. Re: Couldn't apply method permissions to Session EJB method
                              atamur

                               

                              "j2ee_junkie" wrote:
                              I think this might by your problem...

                               <method-permission>
                               <unchecked/>
                               <method>
                               <ejb-name>UserEJB</ejb-name>
                               <method-intf>Remote</method-intf>
                               <method-name>*</method-name>
                               </method>
                               </method-permission>
                              


                              cgriffith
                              Oh! A lot of time lost because of my carelessness =((
                              Thanks!!!

                              Btw, shouldn't more specific declarations override less specific?

                              • 12. Re: Couldn't apply method permissions to Session EJB method
                                j2ee_junkie

                                I think the wildcard trumps all. Good question though. I'll have to look into that sometime.

                                later, cgriffith