I am having a problem with JBoss 3.2.6. I have MDB's which must call secure stateless session beans to perform a task. The MDB's use a <run-as> declaration which allows them to run at the proper security level to make a call to a session bean method.
As an example, the MDB's are tagged with the following XDoclet: * @ejb.security-identity run-as = "Administrator" And the method in question is tagged with: * @ejb.permission role-name = "Administrator" The MDB is able to make it past the security interceptor and make it into the session bean's method. However within the method I need to do some slighlty more complex security checking and I am attempting to use SessionContext.isCallerInRole to determine the security level of the caller. Unfortunatley, a call like the following: sessionContext.isCallerInRole("Administrator"); returns false. Using <run-as>Administrator</run-as> would seem to imply that the caller would be in the Administrator role. Is it correct that isCallerInRole return false? Is there any other way to get a security role associated with an MDB's invocation of a bean method? I searched the forum and saw others report this same issue, but I could not find any resolution. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865609#3865609 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3865609 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user