6 Replies Latest reply on Mar 13, 2009 11:35 AM by Wolfgang Knauf

    Calling protected ejb method from anoter

    Frans van Niekerk Newbie

      I need some help on the following scenario:

      @RolesAllowed("role1")
      ejb1.secureMethod1

      @RolesAllowed("role2")
      ejb2.secureMethod2

      secureMethod2 has to be protected, but I have to call the method from ejb1. When I call it from ejb1 I want the container to ignore the security as the user possibly don't have the role. From a business point of view it is OK to call it from ejb1 without the role, but not from another place.

      I have tried AccessController.doPrivileged with no success. It seems I misunderstood it's purpose.

      I believe my security setup is correct as I am able to do this if the user has the required role, but fails if he doesn't.

      Can anybody point me in the right direction?
      Thank you in advance.