4 Replies Latest reply on Sep 10, 2010 4:23 PM by anil.saldhana

    Can EJB XACML Policy support method overload

    dangvo

      I have been experiementing with XACML authorization in particular EJBs and it seems to me that the Action's value is derived from the EJB's method call minus the argument signature.

       

      From org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate.java

           ...

       

           RequestContext requestCtx = util.createXACMLRequest(this.ejbName, this.ejbMethod.getName(),this.ejbPrincipal, callerRoles);

           ...

       

      My problem is that if my EJB has 2 overload methods for example 'bar(Integer)' and 'bar(String)', I cannot distinguish them from the policy as the action value are both 'bar'. Can anyone confirm or dismiss this observation?