To apply ACL to the methods of Bean.Can anyone tell me what shld be the procedure
Thanks in advance
It's declarative. You set it in the bean's deployment descriptor.
To make any use of it, you'll need to connect to JNDI using authentication so your security Principal is created. It will then be propogated to your EJB calls and used to check if you fulfill the requirements for accessing the methods.
You set up permissioning by requiring users to have a certain "role" in order to access the method. If you have that role, you're in.
How this is all manifested and persisted is vendor specific, the spec says (and will probably never say) anything about this.