You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geronimo.apache.org by Vamsavardhana Reddy <c1...@gmail.com> on 2007/10/16 20:46:17 UTC

An ejb security question

Can someone help me with an ejb security question? I have an EJB with three
methods, m1 with unrestricted access, m2 accessible by guest role and m3
accessible by guest and admin roles. I am accessing all these three methods
from three different jsps and displaying whether the access is successful or
not. The first jsp index.jsp does not need any authentication and is able to
access m1 only. The second jsp guest.jsp needs authentication for guest role
and is able to access all three methods. Once logged in as guest, I expect
the index.jsp also to be able access all three methods. But index.jsp is
able to access m1 only though request.getUserPrincipal().getName() shows the
logged in username.  Is this the correct behavior or there is something
wrong? I am using G 2.0.1.

++Vamsi