Thomas, are you saying that the methods of a JSR-181 POJO can be restricted in
the same way as a SessionBean, e.g. using @SecurityDomain and @RolesAllowed?
My problem is that a JSR-181 POJO invokes a SessionBean being restricted with
@RolesAllowed. Basically I'm doing the following in my JSR-181 POJO:
HskaCallbackHandler handler = new HskaCallbackHandler(username,
password.toCharArray());
| loginCtx = new LoginContext(loginCtxName, handler);
| loginCtx.login();
| Set<Principal> principals = loginCtx.getSubject().getPrincipals();
| for (Principal p: principals) {
| log.info("PRINCIPAL: " + p);
| }
| sb.deleteKundeById(id); // invoke the restricted method of a session bean
|
The log file shows: PRINCIPAL: Roles(members:mitarbeiter,admin)
However, when I invoke the restricted SessionBean's method I get this exception:
Insufficient permissions, principal=null, requiredRoles=[admin],
principalRoles=[]
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3949766#3949766
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3949766
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
