> calling Ejb2.methodB using AccessController.doPrivileged from Ejb1.methodA cannot ensure that the call would have the role required. Did you see this documented somewhere.
What is the purpose of AccessController.doPrivileged then?
How do I then call methodB in this scenario, Subject.runAs?
> So the roles would still need to be defined either by Annotations or in xml
I have the roles declared via annotations on the beans where they are used.
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=332210