-
1. Re: MDB security again
adrian.brock Aug 13, 2003 7:18 AM (in response to uuu)<run-as> refers to the authorities.
You still need an authentication.
Just create a user with no roles for the unauthenicated
identity - that way if somebody uses that identity
for authentication they won't be authorised to do anything.
The MDB is ok because it is using the <run-as> authorities.
Regards,
Adrian -
2. Re: MDB security again
atomray Oct 12, 2003 12:05 PM (in response to uuu)Hi,
Like other people who have posted questions on this topic, I'm attempting to have my MDB call a session EJB that has a security constraint. I specify the run-as, but that did not permit me to interact with the session bean - it would not be authorized as the principal is null.
After reading messages in the JBoss forums, I added an unauthenticated identity, with a user that had no roles. This did not correct the problem, the principal remained null. After further searching, I found a code snippet that did a JAAS login in the MDB onMessage() method. I logged in as my guest user and was finally able to invoke my session bean's methods.
I don't believe I'm doing this correctly, although I managed to make it work. Is all this strictly necessary, or is there a more simple way to achieve this?
Thanks for your help,
Adam -
3. Re: MDB security again
adrian.brock Oct 15, 2003 8:36 PM (in response to uuu)Your problem is a security configuration issue not an mdb
issue.
Your unauthenticated identity is not configured correctly if it still
complaining about a null principal.
Regards,
Adrian