Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 63951 invoked from network); 16 Oct 2007 18:46:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 16 Oct 2007 18:46:49 -0000 Received: (qmail 76259 invoked by uid 500); 16 Oct 2007 18:46:35 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 76202 invoked by uid 500); 16 Oct 2007 18:46:35 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 76191 invoked by uid 99); 16 Oct 2007 18:46:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Oct 2007 11:46:35 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of c1vamsi1c@gmail.com designates 209.85.146.181 as permitted sender) Received: from [209.85.146.181] (HELO wa-out-1112.google.com) (209.85.146.181) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Oct 2007 18:46:39 +0000 Received: by wa-out-1112.google.com with SMTP id j4so2704613wah for ; Tue, 16 Oct 2007 11:46:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=dg6XO5tFjR83efYE3jq/a7uQz501vk2OJfzpMPFTDvg=; b=bty+KyF4tBDmomNh5Ius4NDYrvcO+CPnCnzZkSOlHY/PfBx3uCkvAutDNPIZBkG0fAT2HWvAL2PGnuACKTbPFQgCrkbStemV1yvs7/lMVo5hvry/YfUdXsHAPhUsae/QP0xsnbipVRT4D8mjHh1MGfULTbHAJiB3QSovkhe9xuI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type; b=rOis4k2u2dp6b8Cvai3wCtJijnCAj0bJVXodyIZYZPp5qUbnnqfpRALmkKqX4jgiPWxrI2IQTCKAOFm9WPEPSLMynjhFp6gz0Jnmc0P+LxLIXDySQ+6iAY9N4Jq2zNUZkp309lQ0c+gbSzR8D0gyqEDWhQZA+sPeX59nxWAO7Po= Received: by 10.114.146.1 with SMTP id t1mr8812618wad.1192560377427; Tue, 16 Oct 2007 11:46:17 -0700 (PDT) Received: by 10.114.125.4 with HTTP; Tue, 16 Oct 2007 11:46:17 -0700 (PDT) Message-ID: <22d56c4d0710161146l8d7b59fu5406ec5589ab52e3@mail.gmail.com> Date: Wed, 17 Oct 2007 00:16:17 +0530 From: "Vamsavardhana Reddy" To: "Geronimo Dev" Subject: An ejb security question MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_32592_13981759.1192560377415" X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_32592_13981759.1192560377415 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Can someone help me with an ejb security question? I have an EJB with three methods, m1 with unrestricted access, m2 accessible by guest role and m3 accessible by guest and admin roles. I am accessing all these three methods from three different jsps and displaying whether the access is successful or not. The first jsp index.jsp does not need any authentication and is able to access m1 only. The second jsp guest.jsp needs authentication for guest role and is able to access all three methods. Once logged in as guest, I expect the index.jsp also to be able access all three methods. But index.jsp is able to access m1 only though request.getUserPrincipal().getName() shows the logged in username. Is this the correct behavior or there is something wrong? I am using G 2.0.1. ++Vamsi ------=_Part_32592_13981759.1192560377415 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Can someone help me with an ejb security question? I have an EJB with three methods, m1 with unrestricted access, m2 accessible by guest role and m3 accessible by guest and admin roles. I am accessing all these three methods from three different jsps and displaying whether the access is successful or not. The first jsp index.jsp does not need any authentication and is able to access m1 only. The second jsp guest.jsp needs authentication for guest role and is able to access all three methods. Once logged in as guest, I expect the index.jsp also to be able access all three methods. But index.jsp is able to access m1 only though request.getUserPrincipal().getName() shows the logged in username.  Is this the correct behavior or there is something wrong? I am using G 2.0.1.

++Vamsi
------=_Part_32592_13981759.1192560377415--