You can use <run-as> for the MDB
or do a jaas login before invoking the session bean
Thanks for your reply,
I tried using <run-as> in the MDB, but it still complains about NULL principal when creating another session bean.
The only thing that helped was modifying the securityContext in login-config.xml as follows:
I still don't understand why the <run-as> doesn't work ...
<run-as> means run using this role
Your unathenicated identity means "no principal"
can pass the authentication step.
Don't map the unathenticated identity to any
roles and you are ok.
Thanks again for your help
Somewhere I've read (maybe EJB-Spec.) that a container facing a run-as-role takes one of the users with this role as principal. WebLogic has an appserver specific setting "run-as-principal-name" (XDoclet tag: @weblogic.run-as-identity-principal) that allows to choose an user with the run-as-role manually if there are several.
So, shouldn't the setting of a run-as-role be enough since all J2EE security-settings are role-based!? But SecurityInterceptor throws already an exception if there is no user identity supplied and doesn't seem to set the principal to one of the users with that role.
Can this this be a feature request or am I wrong?
Regards Adrian & Zumbiehl,
The spec does not define what role the run-as role should use as the caller identity, and in JBoss, if there is no caller identity you need to configure that an unauthenticated caller should be mapped to some anonymous principal.