User role is stored in HttpSession. You should pass it to the EJB layer specially.
EJB container checks role permissions automatically
Use isCallerInRole() method of the appropriate session bean
Use getCallerPrincipal() method of the EJBContext class
EJBContext does not provide such functionality. It is necessary to use vendor-specific functions
Use isCallerInRole() method of the EJBContext class