I have a Stateless Session EJB with an injected SessionContext. I have a method where I try to use the isCallerInRole method to determine if a user is an ADMIN user or not, but this method always returns false, even for users that are ADMIN users. The code is below...
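
    import javax.annotation.Resource;
    import javax.annotation.security.RolesAllowed;
    import javax.ejb.EJBAccessException;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;
    import javax.ejb.TransactionAttribute;
    import javax.ejb.TransactionAttributeType;
    import javax.persistence.EntityManager;
    import javax.persistence.PersistenceContext;

    @Stateless
    public class UserImpl implements UserService {

        @PersistenceContext(unitName="poker-entities")
        private EntityManager em;

        // Injected by the container; used for the programmatic role check below.
        @Resource
        private SessionContext sctx;

        @Override
        @RolesAllowed({"ADMIN","USER"})
        @TransactionAttribute(TransactionAttributeType.REQUIRED)
        public void userUpdate(User user) {
            User currentUser = this.findCurrentUser();
            // Allow the update only for the user's own record, or for callers in the ADMIN role.
            if (currentUser == null || (currentUser.getId() != user.getId() && !sctx.isCallerInRole("ADMIN"))) {
                throw new EJBAccessException("Principal does not have permission to call this method");
            }
            em.merge(user);
        }
    }

If I change the @RolesAllowed annotation to @RolesAllowed({"ADMIN"}) which guarantees that only ADMIN users can call the method, the call to sctx.isCallerInRole("ADMIN") still returns false.

Cheers,
Anthony

--
View this message in context: http://openejb.979440.n4.nabble.com/SessionContext-isCallerInRole-always-returns-false-tp4655705.html
Sent from the OpenEJB User mailing list archive at Nabble.com.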