the default p2r mapping "should" effect all the contexts of use that you are interested it.
It will only work for the roles that have been declared in the corresponding web.xml and ejb-jar.xml files [Declaring a role is different from defining a corresponding p2r mapping]
Off the top of my head, I can't explain why you should ever get an exception from a call to isCallerInRole. You may have found a bug. If you can reproduce the exception, I'd be interested in seeing the stack trace,
You can see the policy that supports the isUser/CallerInRole calls by looking in the application specific policy files under domainx/generated/policy/app-name/module-name/granted.policy
the grants of WebRoleRefPermission and EJBRoleRefPermission establish what principals are mapped to the corresponding role, in a named context (i.e. a servlet, or an ejb). By looking at the policy file, we can see if the proper grants have been created for all of the roles you are interested in.
Ron
[Message sent by forum member 'monzillo' (monzillo)]
http://forums.java.net/jive/thread.jspa?messageID=302761