[jboss-user] [Security & JAAS/JBoss] - Re: Security chptr says ejb-jar.xml. But EJB3 has no ejb-jar

Hi cgriffith, that was quick. Thank you. A follow-up question perhaps: "j2ee_junkie" wrote : See the EJB3 wiki for documentation on how to use annotations to provide the same configurations as the ejb-jar.xml. | | http://wiki.jboss.org/wiki/Wiki.jsp?page=EJB3 Is this what you meant: http://docs.jboss.org/ejb3/app-server/tutorial/security/security.html ? It mentions javax.annotation.security.RolesAllowed, javax.annotation.security.PermitAll as well as the JBoss specific org.jboss.ejb3.security.SecurityDomain. I read in an older post (approx 18 months old: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=59428) that the future may present a way to avoid using that specific JBoss-specific annotation by using some deployment descriptor instead. Is the mentioned ejb-jar.xml that descriptor, or is that yet to come? If ejb-jar.xml is the foreseen descriptor, can I combine the use of the nice annotations PermitAll and RolesAllowed with ejb-jar.xml, or do I have to scrap the annotation trail alltogether and declare everything in the ejb-jar.xml, do you think? thank you, markus View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958775#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...