Hi!
i have a few questions/problems:
i'm working on RMH book, first example.i made one called Agenda, everything is ok, but i can't make restrictions on methods.for example, in client side i have soemthing like this:
public static Context getInitialContext()
Properties p = new Properties();
p.put(Context.SECURITY_PRINCIPAL,"coyote");
p.put(Context.SECURITY_CREDENTIALS,"alexis");
return new javax.naming.InitialContext(p);
}
and in Meta-Inf /ejb-jar.xml i have
...
<enterprise-beans>
....
<security-identity>
<use-caller-identity/>
</security-identity>
....
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>coyote</role-name>
</security-role>
<method-permission>
<role-name>coyote</role-name>
<ejb-name>AgendaEJB</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
the problem is that i can execute the client code, i mean i have access to methods even i change the name(from coyote to coyotea let say)
PS: i want to restrict access from ejb-jar.xml as i saw in RMH ejb 2nd edition.isn't possible on jboss?
(btw, RMH 4th edition covering ejb 2.1 spec. is UP and you can find first 8 chapters for free on theserverside.com)
thank you folks for any help.
Alexandru.