Wonseok Kim wrote:
> Hi,
>
> I'd like to report the missing Exception class related to EJB 3.0.
Hi Wonseok,
Thanks for pointing this out. We will add it.
--ken
>
>
> On the EJB 3.0 core contract spec, 16.6.9 Runtime Security
> Enforcement, EJBAccessException is newly defined, but the class doen't
> exist on the ejb-api module.
>
> The EJB container must provide enforcement of the client access
> control per the policy defined by the Deployer. A caller is allowed to
> invoke a method if, and only if, the method is specified as PermitAll
> or the caller is assigned at least one of the security roles that
> includes the method in its method permissions definition. (That is, it
> is not meant that the caller must be assigned all the roles associated
> with the method.) If the container denies a client access to a
> business method, the container must throw the
> *javax.ejb.EJBAccessException*[92].
> ...
>
> Could you add this to ejb-api? Maybe the security code related to this
> needs to be modified to throw this instead of EJBException.
>
>--
>Wonseok Kim
>Senior Developer/Researcher
>WAS Department
>TmaxSoft, Inc. R&D Center
>
>