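/**
 * Records a transaction against the account identified by {@code id}.
 *
 * <p>{@code @RolesAllowed} only limits which roles may invoke the method; it does not bind the
 * caller to the target account. The object-level check in the body does that: the caller's
 * principal name must equal the account's user id, unless the caller is in role
 * {@code BANKADMIN}. A caller who fails that check is rejected with an exception instead of
 * receiving an id for a transaction that was never stored.
 *
 * @param tran the transaction to persist; its account is set to the one looked up from {@code id}
 * @param id identifier passed to {@code accountDao.getAccount}
 * @return the value of {@code tran.getId()} once the transaction has been handed to the
 *     entity manager
 * @throws NotAuthorizedException if the caller neither owns the account nor is in role
 *     {@code BANKADMIN}
 * @throws InvalidTranException declared by the signature; not raised directly in this body
 * @throws NotFoundException declared by the signature; presumably raised by the account lookup
 *     for an unknown id (confirm against {@code accountDao})
 */
@RolesAllowed({"BANKADMIN", "BANKUSER"})
public int createTransaction(Transaction tran, int id)
    throws InvalidTranException, NotAuthorizedException, NotFoundException {
  String caller = sctx.getCallerPrincipal().getName();
  Account account = accountDao.getAccount(id);

  // Authorize against the looked-up account before touching the caller-supplied transaction,
  // so a rejected request leaves `tran` unmodified.
  boolean ownsAccount = caller.equals(account.getUserId());
  if (!ownsAccount && !sctx.isCallerInRole("BANKADMIN")) {
    // Fail closed and loudly: the previous code skipped persist() but still returned
    // tran.getId(), so a denied request was indistinguishable from a successful one.
    // NOTE(review): assumes NotAuthorizedException has a (String) constructor; confirm.
    throw new NotAuthorizedException(
        "caller is not permitted to create a transaction on account " + id);
  }

  tran.setAccount(account);
  em.persist(tran);
  return tran.getId();
}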