I have written the following bean, that I have parsed with XDoclet which has generated Bean interface and xml files for me:


/**
* @ejb:bean name="AdvancedHello"
* jndi-name="AdvancedHello"
* type="Stateless"
* view-type="local"
* @ejb:ejb-ref ejb-name="AdvancedHello"
* view-type="local"
* ref-name="AdvancedHello"
* @ejb:transaction type="Required"
* @ejb:transaction-type type="Container"
*
* @jboss-net:web-service urn="Pippo"
* expose-all="true"
* @jboss-net.authentication
* domain="other"
* validate-unauthenticated-calls="true"
*
* @jboss-net.authorization
* domain="other"
* roles-allowed="Role1,Role2"
**/
public class AdvancedHelloBean implements SessionBean
{
protected transient Category log = Category.getInstance( getClass() );

/** The first web method
* @ejb.interface-method view-type="local"
* @jboss-net.web-method returnQName="Greeting"
* @ejb.permission role-name="Role1"
*/
public String hello( String name ) {
return "Hello " + name;

}

/** The first web method
* @ejb.interface-method view-type="local"
* @jboss-net.web-method returnQName="Greeting2"
* @ejb.permission role-name="Role2"
*/
public String hello2( String name ) {
return "Hello " + name;

}

}

After I have deployed it into JBOSS.
While authentication work fine, I have noted that my user associated to the Role1 can also accesses to the hello2 method, but this must access only to the hello method, because XDoclet have generate methods permission in xml files!

How is it possible? How I do to allow to the Role1 user for accessing only to the hello method?

Can anybody help me?

Thank?s in advance.