This content has been marked as final.
Show 2 replies
-
1. Re: MDB Security
alexlzl Jun 30, 2003 6:01 PM (in response to zumbiehl)I was facing the exact same problem, after searching this forum and some testing, looks like you should not (or can not) protect your MDB at all.
So, now I deploy MDB in its own jar without security domain, deploy other EJBs protected. In the onMessage() method of MDB, use LoginContext and Subject.doAs() to access secure EJBs. Think about it again, maybe there is no reason to protect MDB at all, it will always be called from internal. -
2. Re: MDB Security
zumbiehl Aug 7, 2003 8:17 PM (in response to zumbiehl)Just fyi
I fixed the problem using the option
<module-option name="unauthenticatedIdentity">
</module-option>
in jboss-login-config.xml
cheers