Hi,
I am trying to use programmatic seurity for a Stateful Session Bean.
Here is my Statefule Session Bean.
@Stateful
@RolesAllowed("AUTHORIZED_TRAVEL_AGENT")
@DeclareRoles("CREATE_CABIN")
public class TravelAgentSecureBean implements TravelAgentRemote {
public Cabin createCabin(String name, int deckLevel, int bedCount){
Principal principal = sessionContext.getCallerPrincipal();
System.out.println("Caller is=" + principal.getName());
Cabin cabin = null;
if (sessionContext.isCallerInRole("CREATE_CABIN")) {
cabin = new Cabin(name, deckLevel, bedCount);
entityManager.persist(cabin);
} else {
System.out.println("Sorry mate, you can't create a cabin!");
}
return cabin;
}
}
Here is my Login-config.xml
<application-policy name="Titan">
<authentication>
<login-module code="org.jboss.security.auth.spi.UserRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/user-titan.properties</module-option>
<module-option name="rolesProperties">props/roles-titan.properties</module-option>
</login-module>
</authentication>
</application-policy>
Here are the users.properties
admin=admin
breako=password
Here are the roles.properties
admin=AUTHORIZED_MERCHANT
breako=AUTHORIZED_TRAVEL_AGENT,CREATE_CABIN
My client uses the JBoss SecurityClient to logon.
When I run, the stateful session bean correctly identifies the principal so I am happy the SecurityClient is ok.
But it returns false for isUserInRole("CREATE_CABIN")????
Any ideas what I am missing?
Thanks...