I have actived the Default Principal To Role Mapping to avoid having to map the roles in web.xml or in sun-web.xml. This works fine for annotations on EJB methods, but not when I invoke isCallerInRole on the SessionContext in the EJB container or isUserInRole on the HttpServletRequest in the web-tier.
After debugging the isUserInRole call I came to the conclusion that the final check is not just on the role but that the url, for which the bean is a backing bean, is brought into the equation as well.
The isCallerInRole throws an exception complaining that there is no security mapping available.
Unfortunately mapping the roles in sun-web.xml is not an option.
Is this supposed to be happing and how can I get around it?
Thanks
[Message sent by forum member 'drfranknfurter' (drfranknfurter)]
http://forums.java.net/jive/thread.jspa?messageID=302746