Well, I have a workaround for anyone who encounters this problem.  It's not the 
prettiest solution.   

Basically on another SLSB, I create a local method called checkCallerAdmin.  
Then in my code where I want to do a 

SessionContext.isCallerInRole("Administrator");

I call

otherSLSB.checkCallerAdmin()

The checkCallerAdmin method is set up to only allow callers with the role of 
"Administrator".  Basically, it has a 

 * @ejb.permission role-name = "Administrator"  

XDoclet tag.  If my caller is not an Admin, I get a LocalAccessException which 
I can catch and use that fact to identify that the caller in the Administrator 
role.

It works, but the biggest drawback is that you are calling another EJB method, 
so you need to go through the entire interceptor chain (in order to get to the 
Security Interceptor) in order to get the check to occur.  This probably will 
perform poorer than a direct call to:

sessionContext.isCallerInRole("Administrator"); 

I'd still be interested in hearing from someone from JBoss as to whether this 
behavior is by design or is a bug.

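The workaround described in the post, sketched as an added example (not code from the original post or from JBoss). The names RoleCheckBean, AdminGate and the XDoclet-generated local interface RoleCheckLocal are hypothetical, and the sketch assumes the exception the container raises for a denied local call is the standard javax.ejb.AccessLocalException. The helper treats only that exception as "not an Administrator" and lets every other failure propagate, so a container or lookup error is never mistaken for a successful role check.

```java
// RoleCheckBean.java: the "other SLSB" (hypothetical name)
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

/**
 * @ejb.bean name="RoleCheck" type="Stateless" view-type="local"
 */
public class RoleCheckBean implements SessionBean {
    /**
     * Empty on purpose: the container's security interceptor rejects the
     * call before it reaches this body unless the caller is an Administrator.
     *
     * @ejb.interface-method view-type="local"
     * @ejb.permission role-name="Administrator"
     */
    public void checkCallerAdmin() { }

    // Lifecycle callbacks required by the EJB 2.x SessionBean contract.
    public void ejbCreate() { }
    public void setSessionContext(SessionContext ctx) { }
    public void ejbRemove() { }
    public void ejbActivate() { }
    public void ejbPassivate() { }
}

// AdminGate.java: helper used where isCallerInRole("Administrator") was wanted
import javax.ejb.AccessLocalException;

public final class AdminGate {
    private AdminGate() { }

    /**
     * Returns true only if the guarded call completed normally.
     * Only the container's access-denied exception maps to false;
     * any other exception propagates to the caller (fail closed).
     * RoleCheckLocal is assumed to be the XDoclet-generated local interface.
     */
    public static boolean isCallerAdmin(RoleCheckLocal roleCheck) {
        try {
            roleCheck.checkCallerAdmin();
            return true;
        } catch (AccessLocalException denied) {
            return false;
        }
    }
}
```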