I need some help on the following scenario:
@RolesAllowed("role1")
ejb1.secureMethod1
@RolesAllowed("role2")
ejb2.secureMethod2
secureMethod2 has to be protected, but I have to call the method from ejb1.
When I call it from ejb1 I want the container to ignore the security as the
user possibly don't have the role. From a business point of view it is OK to
call it from ejb1 without the role, but not from another place.
I have tried AccessController.doPrivileged with no success. It seems I
misunderstood it's purpose.
I believe my security setup is correct as I am able to do this if the user has
the required role, but fails if he doesn't.
Can anybody point me in the right direction?
Thank you in advance.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210637#4210637
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210637
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
