> Further investigation has led me to have a look at
> the module's JACC policy file generated at deployment
> time. It is interesting in that it shows what the
> container deduces of the bean's permission and roles
> from the annotations. Mine has 4 grant blocks, one
> for each role (dev,admin,editor,viewer), plus a 5th
> grant block giving open permissions on those bean
> methods having no restrictions set on them. Now my
> open grant block has entries for some methods in my
> bean that are clearly annotated as restricted.
> Wierder still, is that I can't really seem to see
> any rhyme or reason as to the methods it erroneously
> leaves unrestricted and the ones it correctly leaves
> out of the open grant block.
>
> So, what I see in the policy file matches the
> program's actual behavior, but it does not match the
> annotations. So it seems clear that the JACC
> provider is getting confused when it looks at my
> annotations.
sorry I didn't see this, before mylast post.
the containers annotation processor interprets the annotations, and represents them internally as method-permissions, then it calls the jacc-spi to tell the container to provision the policy subsystem. it is unlikely that the ploicy provider is doing other that it is being directed to do. so the problem would probably be upstraem somewhere, either in the user of the annotations or their processing, before the calls to the jacc configuration interfaces
>
> My bean implements a remote and local interface, and
> the remote interface extends a 3rd business
> interface. As far as I can tell this is not
> uncommon, and I can't see any reason why it should
> cause confusion.
I think the the (ejb) annotation processor only recognizes annotations on
things that implement the ejb interfaces, could it be that you have annotations on an interface that is not being recognized as an ejb?
Ron
>
> Ross
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=271876