kumar has written that there was an issue with WebServicContext.isUserInRole in builds of Glassfish prior to the build available at the folloiwng pointer
https://sailfin.dev.java.net/downloads/v1-b36.html
before you update your build, you can use the following to get the caller subject (inside your endpoint).
Subject s = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
then you can use the Subject api to check out what principals have been assigned.
In Glassfish, the caller principal is "distinguished" using a public credential of type
"DistinguishedPrincipalCredential".
Ron
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=301607