hi...i have a database table SUPPLIERS and i have used netbeans wizards to generate an entity class from the table, then to generate a jsf page from from the Supplier entity class.

the net beans created a managed bean called SupplierController for me and an ejb called SupplierFacade...and its ok and runs so good.

now, i want to add some authentication on the creation of suppliers, so i have made the following

1-adjust the supplierFacade

@Stateless
@DeclareRoles({"USERS"})
public class SupplierFacade {
.
.
@RolesAllowed({"USERS"}) //USERS is a security rule
public void create(Supplier supplier) {
em.persist(supplier);
.
.
}
2-from the glassFish admin-console, i hav added a file user to a group list called bank_users
3-add to the sun-web.xml the following lines
<security-role-mapping>
<role-name>USERS</role-name>
<group-name>bank_users</group-name>
</security-role-mapping>


and i expect the application to prompt me for a user name and password when i click save link after filling the fields of the new supplier, but i only hav the following exception and nothing added to the database

WARNING: A system exception occurred during an invocation on EJB SupplierFacade method public void com.shady.compamy.DATA.SupplierFacade.create(com.shady.compamy.DATA.Supplier)
javax.ejb.AccessLocalException: Client not authorized for this invocation.


can anybody help me??
thanks inadvance