Hi, all,
I encounter the following problem when I debug a session facade:
getSessionContext().getCallerPrincipal().getName()
(debug value: "administratorUser" )
getSessionContext().isCallerInRole("administratorRole")
(debug value: false, which is not what I expected)
The logged in user 'administratorUser' is believed to be in the role of
'administratorRole'.
For example,
<method-permission>
<role-name>administrator</role-name>
<method>
<ejb-name>ScheduleSessionFacadeEJB</ejb-name>
<method-intf>Remote</method-intf>
<method-name>deleteSchedule</method-name>
</method>
</method-permission>
If I comment out the line
<role-name>administrator</role-name>
the administratorUser will trigger an exception when trying to
"deleteSchedule".
It seems to me, the declarative Container Manager Security works, but my
programmatic security check fails. It is weird.
Could anyone shed some lights please?
Thanks.
Denis
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
