geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Blevins <david.blev...@visi.com>
Subject Re: Geronimo EJB security
Date Wed, 10 Jun 2009 01:46:46 GMT

On Jun 2, 2009, at 11:08 PM, Ivan wrote:

>    1. If there is no method-permission for an EJB in the ejb- 
> jar.xml, shall we still need a JACC Manager, which in it, we grant  
> the all access permissions ?
>    2. When we will say that the EJBDeploymentGBean of an EJB is not  
> security-enabled. In the current codes, the value seems always set  
> to true.

It seems both questions boil down to "if the user isn't using  
security, can we have security-enabled set to false?"  IIRC, that's  
what we did.  Though this part might have been changed along with  
David J's changes to make it so that an app with EJB method- 
permissions (or equivalent annotations) would fail on deployment if no  
security was setup.

-David


Mime
View raw message