Ok, didn't think long enough before I posted.

All this can be done simple and easy with:

public static final boolean isAdminUser(HttpServletRequest req)
{
return req.isUserInRole("Admin"):
}

public static final boolean isAdminUser(EJBContext context)
{
return context.isCallerInRole("Admin");
}