1 Reply Latest reply on Nov 1, 2003 10:44 AM by Juha Lindfors

    methods access & security

    Alexandru Mernita Newbie

      Hi!
      i have a few questions/problems:
      i'm working on RMH book, first example.i made one called Agenda, everything is ok, but i can't make restrictions on methods.for example, in client side i have soemthing like this:
      public static Context getInitialContext()
      Properties p = new Properties();
      p.put(Context.SECURITY_PRINCIPAL,"coyote");
      p.put(Context.SECURITY_CREDENTIALS,"alexis");
      return new javax.naming.InitialContext(p);
      }

      and in Meta-Inf /ejb-jar.xml i have

      ...
      <enterprise-beans>
      ....
      <security-identity>
      <use-caller-identity/>
      </security-identity>
      ....
      </enterprise-beans>
      <assembly-descriptor>
      <security-role>
      <role-name>coyote</role-name>
      </security-role>
      <method-permission>
      <role-name>coyote</role-name>

      <ejb-name>AgendaEJB</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      </assembly-descriptor>

      the problem is that i can execute the client code, i mean i have access to methods even i change the name(from coyote to coyotea let say)

      PS: i want to restrict access from ejb-jar.xml as i saw in RMH ejb 2nd edition.isn't possible on jboss?

      (btw, RMH 4th edition covering ejb 2.1 spec. is UP and you can find first 8 chapters for free on theserverside.com)

      thank you folks for any help.
      Alexandru.