Yep, the MDB is unsecured. Since the MDB has no client, no security principal is propagated to the container. You can, however, use declarative method-level security on the MDB that is propagated to other EBs. There has been some talk but no action in the JBoss user forum about a vendor extension to pass security context along in the MDB, and you might find other ideas there.
Fred Loney Spirited Software, Inc. www.spiritedsw.com ----- Original Message ----- From: "Claude" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 24, 2001 10:04 AM Subject: Message driven beans and JAAS > I think I'm missing something obvious. > I'm using JBoss and I've configured it to use a JAAS security manager. > It's working all right with my session beans. > However when I try with a message driven bean, a get a "java.lang.SecurityException: Authentication exception, principal=null". > Everything works well when I disable the security manager. > I seems that I have to wrap the principal and credential with the messages, is that right? And I have no idea how to do it! > > Thanks in advance > Claude > The messages are sent by a session bean. > > ======================================================================== === > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff EJB-INTEREST". For general help, send email to > [EMAIL PROTECTED] and include in the body of the message "help". > > =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
