Hi,
there are many postings about principals, <run-as-principal> and MDBs but no answers, so I am trying again:
I'm using WildFly 10.0.0.
Is there a way to set the principal that calls the onMessage() method of a message-driven bean? I configured a run-as role for my MDBs:
<security-identity>
    <run-as>
        <role-name>TestMessageBeanRole</role-name>
    </run-as>
</security-identity>
and <method-permission> in the <assembly-descriptor> for the role:
<method-permission>
    <role-name>TestMessageBeanRole</role-name>
    <method>
        <ejb-name>TestMessageBeanHigh</ejb-name>
        <method-name>*</method-name>
    </method>
</method-permission>
When I do this, I get an authorization exception when the container tries to invoke onMessage(). So I configured all methods of the MDBs as <unchecked> in the <assembly-descriptor>; then the invocation works:
<method-permission>
    <unchecked />
    <method>
        <ejb-name>TestMessageBeanHigh</ejb-name>
        <method-name>*</method-name>
    </method>
</method-permission>
The question now is whether there is a possibility to configure the role or principal that is used to invoke onMessage()?
I tried to configure a <run-as-principal> in the JBoss deployment descriptor, but this doesn't help:
<s:security>
    <ejb-name>TestMessageBeanLow</ejb-name>
    <s:security-domain>other</s:security-domain>
    <s:run-as-principal>TestServerUser</s:run-as-principal>
</s:security>
The configuration of the user in application-roles.properties looks like this:
TestServerUser=TestMessageBeanRole
Hoping for an answer
Thomas