Posted by drfranknfurter
on October 1, 2008 at 8:46 AM PDT
I have actived the Default Principal To Role Mapping to avoid having to map the roles in web.xml or in sun-web.xml. This works fine for annotations on EJB methods, but not when I invoke isCallerInRole on the SessionContext in the EJB container or isUserInRole on the HttpServletRequest in the web-tier.
After debugging the isUserInRole call I came to the conclusion that the final check is not just on the role but that the url, for which the bean is a backing bean, is brought into the equation as well.
The isCallerInRole throws an exception complaining that there is no security mapping available.
Unfortunately mapping the roles in sun-web.xml is not an option.
Is this supposed to be happing and how can I get around it?