I have a Stateless Session EJB with an injected SessionContext. I have a
method where I try to use the isCallerInRole method to determine if a user
is an ADMIN user or not but this method always returns false, even for users
that are ADMIN users. The code is below...

    @Stateless
    public class UserImpl implements UserService {
        @PersistenceContext(unitName="poker-entities") private EntityManager em;
        @Resource private SessionContext sctx;

        @Override
        @RolesAllowed({"ADMIN","USER"})
        @TransactionAttribute(TransactionAttributeType.REQUIRED)
        public void userUpdate(User user) {
            User currentUser = this.findCurrentUser();
            if (currentUser == null || (currentUser.getId() != user.getId()
                    && !sctx.isCallerInRole("ADMIN"))) {
                throw new EJBAccessException("Principal does not have permission to call this method");
            }
            em.merge(user);
        }
    }

If I change the @RolesAllowed annotation to @RolesAllowed({"ADMIN"}) which
guarantees that only ADMIN users can call the method, the call to
sctx.isCallerInRole("ADMIN") still returns false.
Cheers,
Anthony
--
View this message in context:
http://openejb.979440.n4.nabble.com/SessionContext-isCallerInRole-always-returns-false-tp4655705.html
Sent from the OpenEJB User mailing list archive at Nabble.com.
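
For reference, an added example (not part of the original post and not OpenEJB's own code) of the same owner-or-admin check with the role names declared through @DeclareRoles, which the EJB specification makes the bean provider responsible for whenever a role name is passed to isCallerInRole. The class name, method signature and the use of boxed Long ids are assumptions made for illustration.

```java
import java.util.Objects;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical bean, not the poster's class. Every role name used in
// isCallerInRole() is declared on the bean with @DeclareRoles (the
// deployment-descriptor equivalent is <security-role-ref>).
@Stateless
@DeclareRoles({"ADMIN", "USER"})
public class OwnerOrAdminGuard {

    @Resource
    private SessionContext sctx;

    /**
     * Allows the call when the caller owns the record or holds ADMIN.
     * callerId is the id of the authenticated user (assumed to be looked up
     * by the calling code); targetId is the id of the record being changed.
     */
    @RolesAllowed({"ADMIN", "USER"})
    public void requireOwnerOrAdmin(Long callerId, Long targetId) {
        // Objects.equals compares values; != on boxed Long compares
        // references, so two equal ids can still be reported as different.
        boolean owner = callerId != null && Objects.equals(callerId, targetId);

        // Deny by default: an unknown caller or a non-owner without ADMIN
        // is rejected before any state is changed.
        if (!owner && !sctx.isCallerInRole("ADMIN")) {
            throw new EJBAccessException("Principal "
                    + sctx.getCallerPrincipal().getName()
                    + " does not have permission to call this method");
        }
    }
}
```

Including the caller principal name in the exception message shows which identity the container actually associated with the call when the check fails.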