I found that user is saved in session, but not the roles. Therefore, I changed the viewfile.jsp and pending_items.jsp so that roles are saved in the session.
I also changed the CMSPreviewServlet so that it retrieves the roles from the session and put it in JCRCMS object. Now it is working fine. The changed codes are as follows.
Following are added to the jsp's.
Set roles = new HashSet();
// Get the current authenticated subject through the JACC contract
Subject subject = (Subject)PolicyContext.getContext("javax.security.auth.Subject.container");
if (subject != null)
Set tmp = subject.getPrincipals(JACCPortalPrincipal.class);
JACCPortalPrincipal pp = null;
for (Iterator k = tmp.iterator(); k.hasNext();)
pp = (JACCPortalPrincipal) k.next();
if (pp != null)
if (pp == null)
pp = new JACCPortalPrincipal(subject);
// Lazy create all the permission containers for the given role names
for (Iterator k = pp.getRoles().iterator(); k.hasNext();)
Principal role = (Principal) k.next();
Following were added to CMSPreviewServlet
Set roles = (Set)request.getSession().getAttribute("remoteRoles");
Sorry for the wrong posting.