@DeclareRoles("BIDDER", "CSR", "ADMIN")
@Stateless
public class BidManagerBean implements BidManager {
@RolesAllowed("CSR, ADMIN")
public void cancelBid(Bid bid, Item item) {...}

@PermitAll
public List<Bid> getBids(Item item) {...}
}

How can I know if the user that is trying to access cancelBid method has the role CRS or ADMIN?? Where do I specify which roles belong to an user?

TNX