tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Fryer <apfr...@hotmail.com>
Subject SessionContext isCallerInRole always returns false
Date Wed, 20 Jun 2012 22:45:12 GMT
I have a Stateless Session EJB with an injected SessionContext.  I have a
method where i try to use the isCallerInRole method to determine if a user
is an ADMIN user or not but this method always returns false, even for users
that are ADMIN users.  The code is below...

@Stateless
public class UserImpl implements UserService {

        @PersistenceContext(unitName="poker-entities") private EntityManager
em;

        @Resource private SessionContext sctx;

        @Override
        @RolesAllowed({"ADMIN","USER"})
        @TransactionAttribute(TransactionAttributeType.REQUIRED)
        public void userUpdate(User user) {

                User currentUser = this.findCurrentUser();
                if (currentUser == null || (currentUser.getId() !=
user.getId() && !sctx.isCallerInRole("ADMIN"))) {
                        throw new EJBAccessException("Principal does not
have permission to call this method");
                }

                em.merge(user);
        }
}

If i change the @RolesAllowed annotation to @RolesAllowed({"ADMIN"}) which
guarantees that only ADMIN users can call the method, the call to
sctx.isCallerInRole("ADMIN") still returns false.

Cheers,

Anthony 

--
View this message in context: http://openejb.979440.n4.nabble.com/SessionContext-isCallerInRole-always-returns-false-tp4655705.html
Sent from the OpenEJB User mailing list archive at Nabble.com.

Mime
View raw message