I write the following class to init SecurityContext.currentDomain member. MyInterceptorFactory.java: | ... | public Object createPerClass(Advisor advisor) | { | if (log.isDebugEnabled()) { | log.debug("enter createPerClass"); | } | | | AuthenticationManager manager = (AuthenticationManager) advisor.getDefaultMetaData().getMetaData("security", "authentication-manager"); | if (manager == null) { | if (log.isDebugEnabled()) { | log.debug("search manager"); | } | | try { | manager = (AuthenticationManager) new InitialContext().lookup("java:/jaas/ydxt-domain2"); | } | catch (NamingException e) { | throw new RuntimeException(e); //To change body of catch statement use Options | File Templates. | } | } | if (manager == null) throw new RuntimeException("Unable to find Security Domain"); | return new MyInterceptor(manager); | } | ... | | MyInterceptor.java: | ... | public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable { | if (log.isDebugEnabled()) { | log.debug("enter MyInterceptor"); | } | | | Object oldDomain = SecurityContext.getCurrentDomain().get(); | try { | SecurityContext.getCurrentDomain().set(authenticationManager); | return invocation.invokeNext(); | } | finally { | SecurityContext.getCurrentDomain().set(oldDomain); | } | } | ... | My SecurityContext.java,extend from org.jboss.aspects.security.SecurityContext: | | public class SecurityContext extends org.jboss.aspects.security.SecurityContext { | | | public static ThreadLocal getCurrentDomain() { | return currentDomain; | } | | } | | in jboss-aop.xml: | ... | <bind pointcut=&quot;all((a)ydxt.ejb.aop.FydSecurity)&quot;&gt; | <interceptor factory="ydxt.ejb.aop.MyInterceptorFactory" scope="PER_CLASS"/> | <advice name="checkRight" aspect="ydxt.ejb.aop.FydSecurityInterceptor"/> | </bind> | ... | the isCallerInRole and isCurrentInRole work fine !!! View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4009146#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...