the problem is that when you configure the permissions on the EJB in a declarative way the web layer doesn't have a way to know which methods are available in the ejb...
Please, I need some ideas
Is your webapp mvc based?
If your web app adheres to the MVC design pattern, your jsp should show an uptodate view based on the results of a model update/change or the current state of the model.
Can you clarify your question a bit more please. What in the view are you trying to restrict access to?
some users have access to some options that other doesn't.
But the place where this permissions are configured is in the ejb-jar.xml. How to make the JSP (or tag ligs) know what shoul'd be shown without trying to make a remote call and be allowed or not?????
What I did was create another method in the interface that had the same permissions but did nothing. Then you can call this mehtod to determine if you can do what you want to do.
For example, lets say I have the createUser method. I create a second method hasCreateUserPermission. In the JSP (I use a tag) I call the hasCreateUserPermission and if I can execute this then I know that I can put the createUser into the interface.
Note: I am using XDoclet so I use it to put these extra methods into the interface.
A very good solution (the kind of : how haven´t I ever thought of that : ))
Can you send some example?? (of XDocLet file too)