Woops, my mistake. I forgot to modify run.bat
to point to the policy file and use a security manager.
After about forty or fifty changes to the policy file,
using JAAS for authorization works fine.
You wrote, that it works.
Could you perhaps tell what is that, that's working?
I thought this is impossible, because J2EE defines role based authorization. you define roles and assign ejb method permissions to those roles.
(Assignment of roles to EJB methods)
You mean you have achieved principal based authorization in j2ee??? how????