I wrote a CustomLoginModule that authenticate against a database. The login works fine and the roles can be read out by using the membership module with the method getUserRoles(user). All seems to be fine.
The problem is that the method request.isUserInRole("rolename") returns always FALSE.
Could someone help ?
As per the spec, for isUserInRole to work correctly, the 'roleName' should be referenced in your portlet.xml using the security-role-ref configuration.