hi i am mohandodderi, i am trying to execute the ejb security example . i am checking for security role(isCallerInRole) but it is returning FALSE . code is written like this ..pls tell me what is the wrong with this code
IN DEPLOYMENT DESCRIPTER
<entity> <description/> <display-name>ADDRESSEJB</display-name> <ejb-name>ADDRESSEJB</ejb-name> <home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSHome</home> <remote>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESS</remote> <local-home>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocalHome</local-home> <local>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSLocal</local> <ejb-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSBean</ejb-class> <persistence-type>Bean</persistence-type> <prim-key-class>com.emarg.vitalweb.entity.ADDRESS.ejb.ADDRESSPK</prim-key-class> <reentrant>False</reentrant> <security-role-ref> <description> This security role should be assigned to the employees of the payroll department who are allowed to update employees� salaries. </description> <role-name>location</role-name> <role-link>location-department</role-link> </security-role-ref>
<assembly-descriptor> <security-role> <description>This role includes the employees of the enterprise who are allowed to access the employee self-service application. This role is allowed only to access his/her owninformation. </description> <role-name>location-department</role-name> </security-role>
You need to associate the user with this particular role.
This is something which is done by the Deployer and would not be a part of this xml.
You need to check this in your security policy file. Typically when you get authenticated into the system much before accessing the EJB's ..your principal should be associated with the role. I think this isn't an EJB issue..may be some veterans can comment as well
OCMJEA/SCEA, SCDJWS, SCBCD 1.3, SCJP 1.4
My SCEA experience:http://javalogue.blogspot.com/