2 Replies Latest reply on Aug 28, 2004 4:41 PM by maiden

    isCallerInRole problem

    maiden Newbie

      Hi!

      I have a problem with security configureation of my EJB. I call my EJB methods from the servlet. EJB is secured and method permissions is set only for the "Guests" role.

      <method-permission>
      <role-name>Guests</role-name>

      <ejb-name>GalleryTeller</ejb-name>
      <method-name>myMethod</method-name>

      </method-permission>

      It works fine. If I remove the code above from the deployment descriptor it comes out with an exception:

      [org.jboss.ejb.plugins.SecurityInterceptor] Insufficient method permissions, principal=null, method=myMethod, interface=LOCALHOME, requiredRoles=[Users], principalRoles=[Guests]

      But is I call isCallerInRole("Guests") inside myMethod it always return false. Why?

      If the principal was allowed to execute this method it MUST be in Guests role.

      Please, tell me what is wrong?

      Dmitri