Hi,
I'd like to report the missing Exception class related to EJB 3.0.
On the EJB 3.0 core contract spec, 16.6.9 Runtime Security Enforcement,
EJBAccessException is newly defined, but the class doen't exist on the
ejb-api module.
The EJB container must provide enforcement of the client access control
per the policy defined by the Deployer. A caller is allowed to invoke a
method if, and only if, the method is specified as PermitAll or the
caller is assigned at least one of the security roles that includes the
method in its method permissions definition. (That is, it is not meant
that the caller must be assigned all the roles associated with the
method.) If the container denies a client access to a business method,
the container must throw the *javax.ejb.EJBAccessException*[92].
...
Could you add this to ejb-api? Maybe the security code related to this
needs to be modified to throw this instead of EJBException.
--
Wonseok Kim
Senior Developer/Researcher
WAS Department
TmaxSoft, Inc. R&D Center