0 Replies Latest reply on Mar 30, 2014 1:06 AM by shinzey

    How to enable @RolesAllowed?

    shinzey

      This question follows on from my last one, "The correct way to configure JAAS in WildFly?". The login is working correctly and I'm now trying to use @RolesAllowed to secure my EJB:

      import javax.annotation.Resource;
      import javax.annotation.security.DeclareRoles;
      import javax.annotation.security.RolesAllowed;
      import javax.ejb.SessionContext;
      import javax.ejb.Stateless;

      @Stateless
      @DeclareRoles("admin")
      public class TestEjb {
          // Container-injected context; used to inspect the caller's identity and roles
          @Resource
          private SessionContext sc;

          // Intended to be callable only by principals holding the "admin" role
          @RolesAllowed("admin")
          public String doAdmin() {
              System.out.println("Name: " + sc.getCallerPrincipal().getName());
              System.out.println("Is admin? " + sc.isCallerInRole("admin"));
              return "admin";
          }
      }
      
      Ideally, the doAdmin method can only be called if the user has the admin role. However, it can be invoked by any user. The strange thing is that the injected SessionContext correctly identifies the user:

      11:50:48,755 INFO  [stdout] (default task-12) Name: abc
      11:50:48,755 INFO  [stdout] (default task-12) Is admin? false
      
      I guess I may be missing some configuration in my web app. Can anyone help me resolve it?
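The following is an added example, not code from the original post and not an answer the thread itself supplies. A frequent reason @RolesAllowed is silently ignored on WildFly is that the bean is not associated with a security domain: the container only installs its EJB authorization interceptor for beans that have one, so a bean with no domain (and no default-security-domain inherited from the ejb3 subsystem) is invoked unchecked, even though the caller's principal still propagates into SessionContext. The example below attaches the domain explicitly with the JBoss @SecurityDomain annotation and shows a caller that observes the enforced behaviour. The domain name "my-domain", the servlet path "/admin" and the class AdminServlet are assumptions for illustration; the domain must be the same one the web app's jboss-web.xml logs in against.

```java
// File: TestEjb.java (assumed layout: one class per file in the same deployment)
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
// Assumed domain name. Binding the bean to a security domain is what makes the
// container apply its authorization interceptor; without it @RolesAllowed is not
// enforced and any authenticated (or anonymous) caller can reach doAdmin().
@SecurityDomain("my-domain")
@DeclareRoles("admin")
public class TestEjb {
    @Resource
    private SessionContext sc;

    // With the domain attached, a caller lacking "admin" never reaches this body:
    // the container throws javax.ejb.EJBAccessException before the method runs.
    @RolesAllowed("admin")
    public String doAdmin() {
        System.out.println("Name: " + sc.getCallerPrincipal().getName());
        System.out.println("Is admin? " + sc.isCallerInRole("admin"));
        return "admin";
    }
}

// File: AdminServlet.java (assumed caller in the same WAR, behind the app's login)
import java.io.IOException;

import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/admin")
public class AdminServlet extends HttpServlet {
    @EJB
    private TestEjb ejb;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try {
            // Succeeds only when the web-tier principal carries the "admin" role
            resp.getWriter().println(ejb.doAdmin());
        } catch (EJBAccessException denied) {
            // Expected outcome for user "abc", who authenticated but is not an admin
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "admin role required");
        }
    }
}
```

The same binding can be made without the JBoss annotation by adding a META-INF/jboss-ejb3.xml to the deployment whose assembly-descriptor names the security domain for the beans (the `urn:security:1.1` namespace). Two checks worth doing once the interceptor is active: the log line "Is admin? false" above means the login module is not assigning the role "admin" to user "abc" (or is assigning it under a different name), so the role mapping in the domain's login module must use exactly the name given to @RolesAllowed; and a successful call should now be the only way doAdmin() runs, so a quick request as a non-admin user should return the 403 rather than the method's output.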