Details
-
Task
-
Resolution: Obsolete
-
Major
-
JBossAS-4.0.4.CR2
-
None
Description
As described in the forum thread, when jacc is enabled, the behavior that is seen for programmatic security checks made for the Web and the EJB layer is dependent on whether the DD (web.xml and ejb-jar.xml) define the roles (as part of security-role and/or security-role-ref elements) completely or partially.
The testcases (mainly the UserInRoleUnitTestCase and the CallerInRoleUnitTestCase) should be retrofitted to handle both the cases - one when the DD is partially descibed and the other when it is fully described.