- The unchecked methods will have any weight at runtime?
- If my logic calls method _1() -> method _2() -> ... -> method _N() , and all the methods have security permission set, will the container verify just the first time or in each method step, there will be a significant weight on the security check?
- The role check based on file properties (just for 1 or 2 single static users) is the best approach for securing EJB methods?
1) very little
2) in general each call is authorized separately
3) the overhead on caching principals, credentials and roles is very little, so it is up to you where to keep the security information