I have 2 questions:
1.
bypass means to avoid any authorisation ...can be done only by using the <unchecked\> tag inside the <method permissions> tag
In my real life
ejb running on
jboss, I don't have any <method-permissions>.
If I didn't declare any <method-permissions> in the ejb-jar.xml, will the security authorization bypassed on a method ?
2. refer to option E of the questions:
E "Security authorization can be bypassed on an instance by instance basis". --> false
What does it mean ?
As far as I know, security authroziation on instance basis can be done programmatically ( ctx.getCallerPricipal() ). If I not do it programatically, the security authorization can be bypassed, is it right ?
If yes, why option E is false.
Thx