4 Replies Latest reply on Sep 10, 2010 4:23 PM by Anil Saldanha

    Can EJB XACML Policy support method overload

    Dang Vo Newbie

      I have been experiementing with XACML authorization in particular EJBs and it seems to me that the Action's value is derived from the EJB's method call minus the argument signature.

       

      From org.jboss.security.authorization.modules.ejb.EJBXACMLPolicyModuleDelegate.java

           ...

       

           RequestContext requestCtx = util.createXACMLRequest(this.ejbName, this.ejbMethod.getName(),this.ejbPrincipal, callerRoles);

           ...

       

      My problem is that if my EJB has 2 overload methods for example 'bar(Integer)' and 'bar(String)', I cannot distinguish them from the policy as the action value are both 'bar'. Can anyone confirm or dismiss this observation?