Thanks for pointing that out, but now it appears RolesAllowed is letting through users who shouldn't have access. I'm using a different user now which does not have the admin role:
[code]
@RolesAllowed({"application_assets_admin"})
public List<Asset> getAssetList(String assetClassName) {
    if (!ctx.isCallerInRole("application_assets_admin")) {
        // This exception gets thrown!
        throw new EJBException("Not authorized");
    }
    // Create the query to list the assets
    Query query = em.createQuery("SELECT a FROM Asset AS a WHERE a.assetClass.name = :name ORDER BY a.name");
    query.setParameter("name", assetClassName);
    // Return the list
    return query.getResultList();
}
[/code]
[Message sent by forum member 'jeffreyrodriguez' (jeffreyrodriguez)]
http://forums.java.net/jive/thread.jspa?messageID=217923