2 Replies Latest reply on Aug 7, 2003 8:17 PM by zumbiehl

    MDB Security

    zumbiehl

      Hi,

      Could you please help me with a configuration problem with my MDB?

      I am running an MDB with a Container configuration linked to a security domain.

      When the MDB creates a session bean, I systematically get a security exception (Principal = null), even if I run the MDB with the appropriate role in
      <run-as> in ejb-jar.

      My MDB and session beans use the same security domain.

      If I remove the container configuration in the session bean, everything works fine.

      Is there a way to allow a secured MDB to invoke secured session beans? Or can an MDB only invoke unsecured session beans?

      Thanks for your help
      christian

        • 1. Re: MDB Security
          alexlzl

          I was facing the exact same problem. After searching this forum and some testing, it looks like you should not (or cannot) protect your MDB at all.

          So now I deploy the MDB in its own jar without a security domain, and deploy the other EJBs protected. In the onMessage() method of the MDB, use LoginContext and Subject.doAs() to access the secure EJBs. Thinking about it again, maybe there is no reason to protect the MDB at all; it will always be called internally.
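The pattern described in reply 1, written out as an added example (not code from this thread or from JBoss): an unsecured MDB authenticates through JAAS inside onMessage() and calls the secured session bean under that Subject. Assumptions: the JAAS entry name `client-login`, the env-entry and EJB reference names, and the `SecuredService`/`SecuredServiceHome` interfaces are hypothetical, and the bean uses container-managed transactions.

```java
import java.security.PrivilegedExceptionAction;
import javax.ejb.*;
import javax.jms.*;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;

// Hypothetical remote and home interfaces of the secured session bean.
interface SecuredService extends EJBObject { void process(String body) throws java.rmi.RemoteException; }
interface SecuredServiceHome extends EJBHome { SecuredService create() throws java.rmi.RemoteException, CreateException; }

public class RelayMDB implements MessageDrivenBean, MessageListener {
    private MessageDrivenContext ctx;

    public void setMessageDrivenContext(MessageDrivenContext c) { ctx = c; }
    public void ejbCreate() {}
    public void ejbRemove() {}

    public void onMessage(final Message msg) {
        LoginContext lc = null;
        try {
            final InitialContext jndi = new InitialContext();
            // Assumed env-entries in ejb-jar.xml: keeps the service credentials out of the source.
            final String user = (String) jndi.lookup("java:comp/env/serviceUser");
            final String pass = (String) jndi.lookup("java:comp/env/servicePassword");
            CallbackHandler handler = cbs -> {
                for (Callback cb : cbs) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pass.toCharArray());
                    else throw new UnsupportedCallbackException(cb);
                }
            };
            lc = new LoginContext("client-login", handler); // assumed JAAS configuration entry name
            lc.login();
            Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Void>) () -> {
                Object ref = jndi.lookup("java:comp/env/ejb/SecuredService"); // assumed ejb-ref name
                SecuredServiceHome home = (SecuredServiceHome) PortableRemoteObject.narrow(ref, SecuredServiceHome.class);
                home.create().process(((TextMessage) msg).getText());
                return null;
            });
        } catch (Exception e) {
            ctx.setRollbackOnly(); // fail closed: the message is redelivered, not silently dropped
        } finally {
            // Always drop the authenticated identity so it cannot leak to later work on this pooled thread.
            if (lc != null) try { lc.logout(); } catch (Exception ignored) { }
        }
    }
}
```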

          • 2. Re: MDB Security
            zumbiehl

            Just fyi
            I fixed the problem using the option
            <module-option name="unauthenticatedIdentity">
            </module-option>
            in jboss-login-config.xml
            cheers