if (callerRunAsIdentity == null)
{
AuthorizationManager am = (AuthorizationManager)policyRegistration;
// Now actually check if the current caller has one of the required method roles
if (am.doesUserHaveRole(ejbPrincipal, methodRoles) == false)
{
Set userRoles = am.getUserRoles(ejbPrincipal);
String method = this.ejbMethod.getName();
String msg = "Insufficient method permissions, principal=" + ejbPrincipal
+ ", ejbName=" + this.ejbName