(I am relatively new to EJBs.)

Using JBoss 4.2.3, EJB 2.0, JDK 1.5.

Trying to add access control to an EJB, using the simple properties file style of domain.

Not working. It's as if the method permissions I define in ejb-jar.xml are not picked up. Error message :

Insufficient method permissions, principal=admin, ejbName=CurrentTimeEJB, method=create, interface=HOME, requiredRoles=[], principalRoles=[Manager, Clerk]

The problem is that the requiredRoles are empty, and they shouldn't be.

The login seems to succeed OK.

jboss.xml:

<jboss>
 <security-domain>java:/jaas/simple-domain</security-domain>
 <!-- <missing-method-permissions-excluded-mode>false</missing-method-permissions-excluded-mode> -->
</jboss>

When the second item above is uncommented, it works fine. But that means that my method permissions are not being 'seen' in the first place.

ejb-jar.xml:

<?xml version="1.0"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD
Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
 <ejb-jar>

 <enterprise-beans>
 <session>
 <ejb-name>CurrentTimeEJB</ejb-name>
 <remote>simpleejb.timeserver.CurrentTimeRemote</remote>
 <home>simpleejb.timeserver.CurrentTimeRemoteHome</home>
 <ejb-class>simpleejb.timeserver.CurrentTimeBean</ejb-class>
 <session-type>Stateless</session-type>
 <transaction-type>Container</transaction-type>
 </session>
 </enterprise-beans>

 <assembly-descriptor>
 <security-role>
 <role-name>Manager</role-name>
 </security-role>
 <security-role>
 <role-name>Clerk</role-name>
 </security-role>

 <method-permisson>
 <role-name>Manager</role-name>
 <method>
 <ejb-name>CurrentTimeEJB</ejb-name>
 <method-name>*</method-name>
 </method>
 </method-permisson>

 <method-permisson>
 <role-name>Clerk</role-name>
 <method>
 <ejb-name>CurrentTimeEJB</ejb-name>
 <method-name>*</method-name>
 </method>
 </method-permisson>
 </assembly-descriptor>

</ejb-jar>

There's no error message when I deploy the bean.

Any help appreciated. Thanks in advance.

- John