0 Replies Latest reply on Mar 30, 2014 1:06 AM by shinzey shinzey

    How to enable @RolesAllowed?

    shinzey shinzey Newbie

      This question is further to my last one The correct way to configure JAAS in WildFly? The login is working correctly and I'm now trying to use @RolesAllowed to secure my EJB:

      @Stateless
      @DeclareRoles("admin")
      public class TestEjb {
          @Resource
          private SessionContext sc;
      
          @RolesAllowed("admin")
          public String doAdmin() {
              System.out.println("Name: " + sc.getCallerPrincipal());
              System.out.println("Is admin? " + sc.isCallerInRole("admin"));
              return "admin";
          }
      }
      

       

      Ideally, the doAdmin method can only be called if the user has the admin role. However, it can be invoked by any user. The strange thing is that the injected SessionContext correctly identifies the user:

      11:50:48,755 INFO  [stdout] (default task-12) Name: abc
      11:50:48,755 INFO  [stdout] (default task-12) Is admin? false
      

       

      I guess I may miss some configurations in my web app. Can anyone help me resolve it?