I have dived into the deepend of securing my ejbs and I seem to be drowning (for the moment i hope). :)
I have a service that scans the goes thru the initial context and scans for a certain type of session bean.
With these found beans it is creating the remote interface by calling the create method and extracting and caching certain methods from the remote interface. That is all. No methods on the remote interface are invoked.
This service worked well until I applied method permissions to the beans. Now I am getting the security exception when I call the create method, even though I have set all the methods in the home inteface to be unchecked.
Are there some obvious settings that I am missing? Any help is greatly appreciated.
"unchecked" means "every authenticated user" - so that is not "everybody".
But I don't know yet how you can achieve that some methods in a bean don't need authentication while others do.
Hope this helps