tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Fryer <apfr...@hotmail.com>
Subject SessionContext isCallerInRole always returns null
Date Wed, 20 Jun 2012 22:39:49 GMT
I have a Stateless Session EJB with an injected SessionContext.  I have a
method where i try to use the isCallerInRole method to determine if a user
is an ADMIN user or not but this method always returns null, even for users
that are ADMIN users.  The code is below...

@Stateless
public class UserImpl implements UserService {

	@PersistenceContext(unitName="poker-entities")	private EntityManager em;

	@Resource private SessionContext sctx;

	@Override
	@RolesAllowed({"ADMIN","USER"})
	@TransactionAttribute(TransactionAttributeType.REQUIRED)
	public void userUpdate(User user) {

		User currentUser = this.findCurrentUser();
		if (currentUser == null || (currentUser.getId() != user.getId() &&
!sctx.isCallerInRole("ADMIN"))) {
			throw new EJBAccessException("Principal does not have permission to call
this method");
		}

		em.merge(user);
	}
}

If i change the @RolesAllowed annotation to @RolesAllowed({"ADMIN"}) which
guarantees that only ADMIN users can call the method, the call to
sctx.isCallerInRole("ADMIN") still returns false.

Cheers,

Anthony

--
View this message in context: http://openejb.979440.n4.nabble.com/SessionContext-isCallerInRole-always-returns-null-tp4655704.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Mime
View raw message