Setting Method Permissions in EJB
I have deployed a stateless Session Bean with three methods in Remote Interface ..Want to grant access to one of them for a particular role defined in weblogic.properties ..How do i go abt doing it...i have given in my Deployment Descriptor the access to only one method(ejb-jar.xml) ..but still it allows me to access all methods .....That means it is not doing any access control..Is there any other setting also required.
Thanks in advance
It appears that u have given * in your deployment descriptor, while generating that. Do check your descriptor again & assign all the methods the required security role individually
In my posted question i have said i have given only to one method the access right in DD ..but in my client application if i call otehr method it works fine....what cld be the problem
I believe, although I could be wrong, that if you don't specify any required role for the other methods then they will simply let anything run them.
Set the other methods up with a role your supplied credentials don't have and try it again.
There is no point of giving only method in your deplyment descriptor.It doesn't make any difference for the container. Actually, you bean accessed through JNDI using Home interface in which you would have mentioned all the four methods. As far as I know, you have to control itby changing something is your weblogic properties file. I am not sure about it!!!