"[EMAIL PROTECTED]" wrote : run-as sets the role of the caller, but if there is no authenticated caller, then the security domain receiving the call has to all unauthenticated callers. run-as is a grant of a role, not identity. | Yes, I figured that out. So if I mark an MDB with run-as="myrole" I still have to explicitly login via JAAS prior to accessing a secured resource, but the roleset assigned to my newly established Subject will get replaced by "myrole"?
Olaf View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3872743#3872743 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3872743 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jboss-user
