geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ivan <>
Subject Re: Geronimo EJB security
Date Wed, 10 Jun 2009 01:55:58 GMT
Thanks, David, I have changed some codes about EJB security, for it made
some cases failed. Currently, I use whether securiy segment exists in the
deployment plan to decide that , JACC Manager is or not need to be created.

2009/6/10 David Blevins <>

> On Jun 2, 2009, at 11:08 PM, Ivan wrote:
>    1. If there is no method-permission for an EJB in the ejb-jar.xml, shall
>> we still need a JACC Manager, which in it, we grant the all access
>> permissions ?
>>   2. When we will say that the EJBDeploymentGBean of an EJB is not
>> security-enabled. In the current codes, the value seems always set to true.
> It seems both questions boil down to "if the user isn't using security, can
> we have security-enabled set to false?"  IIRC, that's what we did.  Though
> this part might have been changed along with David J's changes to make it so
> that an app with EJB method-permissions (or equivalent annotations) would
> fail on deployment if no security was setup.
> -David


View raw message