Farah Juma created ELY-407:
------------------------------
Summary: Add the ability for SecurityIdentity.getRoles() to fall back to the default if the given category is undefined
Key: ELY-407
URL: https://issues.jboss.org/browse/ELY-407
Project: WildFly Elytron
Issue Type: Enhancement
Components: API / SPI
Reporter: Farah Juma
Assignee: Farah Juma

As an example, consider the following scenario:

I have a simple secured servlet that invokes an EJB method that's secured, where both
the servlet and the EJB are using the default Elytron security domain that's defined
for applications (i.e., "ApplicationDomain"). There's a user defined in the
"ApplicationRealm" that has the role that's required to access the servlet
and the EJB method. Undertow uses {{securityIdentity.getRoles()}} to check if a user is
authorized, so the user is able to access the servlet. However, the EJB subsystem uses
{{securityIdentity.getRoles("ejb")}} to check if a user is authorized and since
no "ejb" category is defined, an {{EJBAccessException}} would occur when
attempting to invoke the EJB method.