There seems to be a lot of unanswered questions about security.
I've posted an issue about implementing security and using MDB. I've seen this type of post happened from a few different angles but, it doesn't appear that there has been any progress or answers.
As it looks right now, (Version 3.0) there are some significant gaps in getting security to work for MDB.
Like I'm sure most on this web site, I have some project deadlines and it would be nice to get some feedback from the developers about the status of some of these issues.
Here is my scenario, which I can't imagine to be atypical.
I have published queue's that shouldn't accept messages from an un-authorized source(secured). I have MDB's that pick up these messages and deliver them to secured Session Beans. Here's the problem:
When I secure the queue's, I can't get the MDB to access them. When I unsecure the queue's, the container can't access the MDB because the principal is always null.
I've tried the "unauthenticatedIdentity" setting in every realm. I've assigned the MDB to a different domain than the rest of the EJB's (jbossmq domain). That allowed the MDB to attach to the secured queue put then the container failed to make calls to the OnMessage.
Anyhow, If someone has REALLY figured this out and has some how-to notes, I'd be greatful.
I don't have much hair as it is, and the last 2 days have removed more than I care to mention.
Thanks.