I'm using form-based authentication (with a JDBC realm) to authenticate users in my EE application. I created a /home/* section, which is only accessible if a user is in the role USER or ADMIN.
Everything is working fine, but the problem is that when I use the FacesContext.getCurrentInstance().getExternalContext().isUserInRole(role) method (for example, to decide whether some UI components are shown in the GUI or not), the return value is always false.
I have absolutely no idea why the method always returns false. What am I missing?
The most confusing thing is that I have implemented the exact same behaviour in another project (on the same GlassFish server instance) and it works there.
I just found the problem: I forgot to add the @DeclareRoles() annotation.
You have to declare the roles you want to use somewhere in your application. For example, I use a singleton EJB in which I declare the roles I'm using (using the @DeclareRoles annotation).
Example:
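import javax.annotation.security.DeclareRoles;
import javax.ejb.LocalBean;
import javax.ejb.Singleton;
// Empty bean whose only job is to declare the application's security roles.
@Singleton
@LocalBean
@DeclareRoles({ "ADMIN", "USER" })
public class Application {
}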
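An added example, not part of the original post: the isUserInRole check used only to decide what is rendered, with the same role enforced again on the EJB method so that a hidden button is not the only control. It assumes Java EE (javax.*) on GlassFish; the class names AccountLockService and RoleBean, the method names and the "locked"/"denied" outcomes are hypothetical, and each class goes in its own file.

```java
// --- AccountLockService.java (hypothetical name) ---
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Singleton;

@Singleton
@DeclareRoles({ "ADMIN", "USER" })      // same role names as the /home/* constraint
public class AccountLockService {
    private final Set<String> locked = ConcurrentHashMap.newKeySet();

    @RolesAllowed("ADMIN")              // checked by the container on every call
    public void lockAccount(String username) { locked.add(username); }

    @RolesAllowed({ "ADMIN", "USER" })
    public boolean isLocked(String username) { return locked.contains(username); }
}

// --- RoleBean.java (hypothetical name) ---
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.enterprise.context.RequestScoped;
import javax.faces.context.FacesContext;
import javax.inject.Named;

@Named
@RequestScoped
public class RoleBean {
    @EJB
    private AccountLockService locks;
    private String target;              // account name bound from the form

    // Display logic only, e.g. rendered="#{roleBean.admin}" in a Facelets page.
    public boolean isAdmin() {
        return FacesContext.getCurrentInstance().getExternalContext().isUserInRole("ADMIN");
    }

    // The action does not trust what was rendered; the EJB rejects non-ADMIN callers.
    public String lock() {
        try {
            locks.lockAccount(target);
            return "locked";
        } catch (EJBAccessException e) {
            return "denied";            // authenticated caller without the ADMIN role
        }
    }

    public String getTarget() { return target; }
    public void setTarget(String target) { this.target = target; }
}
```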