Doesn't hook into J2EE security, leaving the app server unsecured and open for intrusion
Originally posted by aanchal mathur:
I agree with both of u , but Kyle its true at times Customers can be unresonable and we just have to do it.
So now what i am goin to do is define a Role in the ejb-jar.xml file which will be used to authorize all users who log into the application . And then anyways progarmmatically in all methods we get tthe Roles from the database based on the PRincipal of that user.
Am i correct or am i missin out on smethin.