Ok, so I found various threads (like this one: 
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=37807 and 
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=35269).

>From what I can tell, the @RunAs annotation is merely specifying the "role" to 
>use, whereas an MDB that calls a secured SLSB will not have a principal.  The 
>suggestions seem to be, "Just perform a JAAS login before accessing your SLSB, 
>and you'll be ok".

However, something about this isn't sitting right with me.

1.) If the MDB RunAs annotation is merely providing a role, but no principal, 
shouldn't the "unauthenticated" identity get used, just with the @RunAs role?  
This isn't happening, since my unauthenticated identity is "guest" (in 
login-config.xml), the SecurityAssociation Stack (detailed above) is showing 
"anonymous" as the principal, and JBAS doesn't care about either....it is 
simply throwing an IllegalStateException whenever I try to access the principal 
inside of my SLSB (called from an MDB).  (Error:  
java.lang.IllegalStateException: No valid security context for the caller 
identity).

2.) If I perform a programmatic JAAS login inside of my MDB, but just before 
calling my SLSB, everything works fine.  However, shouldn't I be able to use 
the unauthenticated identity coupled with the RunAs role in this scenario???

Any thoughts?

David
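
The workaround described in point 2 of the post, sketched as an added example that is not part of the original message or of JBoss's own code. It assumes the stock `client-login` JAAS policy (ClientLoginModule) from login-config.xml; the bean names, role name, queue name and credentials are hypothetical placeholders.

```java
import javax.annotation.security.RunAs;
import javax.ejb.ActivationConfigProperty;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.MessageDriven;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

// Hypothetical business interface of the secured SLSB.
@Local
interface SecuredService { void process(Message msg); }

@MessageDriven(activationConfig = {
    @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
    @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/exampleQueue")
})
@RunAs("InternalRole") // hypothetical role; per the post this gives a role but no principal
public class ExampleMDB implements MessageListener {

    // Placeholder service-account credentials (assumption); do not hard-code real ones.
    private static final String USER = "mdb-service";
    private static final char[] PASSWORD = "CHANGE_ME".toCharArray();

    @EJB
    private SecuredService service;

    public void onMessage(Message msg) {
        LoginContext lc = null;
        try {
            // Programmatic JAAS login: binds a principal for the call into the SLSB.
            lc = new LoginContext("client-login", new UsernamePasswordHandler(USER, PASSWORD));
            lc.login();
            service.process(msg);
        } catch (LoginException e) {
            // Fail the delivery rather than call the SLSB without an identity.
            throw new RuntimeException("JAAS login failed in MDB", e);
        } finally {
            // Always log out so the identity does not stay bound to the delivery thread.
            if (lc != null) {
                try { lc.logout(); } catch (LoginException ignored) { }
            }
        }
    }
}
```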
