Well the user is authenticated, however no securityContext propagation occurs.
If I'm passing an entire request object as a parameter to an
ejb,
then only username passes with it, not the securityContext.
So request.isUserInRole function works fine outside of an ejb but
does not inside it.
Thus I'm compelled either to query all the necessary roles outside of the ejb and pass them as additional parameters, which is silly, or pass a username as a parameter and access the user_roles table from inside, which is tedious.
There are rumors of a plugins that handle this issue in weblogic and websphere. Is there something similar in JBoss ?