geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vamsavardhana Reddy" <c1vams...@gmail.com>
Subject An ejb security question
Date Tue, 16 Oct 2007 18:46:17 GMT
Can someone help me with an ejb security question? I have an EJB with three
methods, m1 with unrestricted access, m2 accessible by guest role and m3
accessible by guest and admin roles. I am accessing all these three methods
from three different jsps and displaying whether the access is successful or
not. The first jsp index.jsp does not need any authentication and is able to
access m1 only. The second jsp guest.jsp needs authentication for guest role
and is able to access all three methods. Once logged in as guest, I expect
the index.jsp also to be able access all three methods. But index.jsp is
able to access m1 only though request.getUserPrincipal().getName() shows the
logged in username.  Is this the correct behavior or there is something
wrong? I am using G 2.0.1.

++Vamsi

Mime
View raw message