0 Replies Latest reply on Mar 16, 2016 8:06 AM by thmayr

    Setting principal calling onMessage() of an MDB

    thmayr

      Hi,

       

      there are many postings about principals, <run-as-principal> and MDBs but no answers, so I'll try again:

       

      I'm using WildFly 10.0.0.

       

      Is there a way to set the principal which calls the onMessage() method of a message-driven bean? I configured a run-as role for my MDBs:

       

      <security-identity>
        <run-as>
          <role-name>TestMessageBeanRole</role-name>
        </run-as>
      </security-identity>


      and <method-permission> in the <assembly-descriptor> for the role:


      <method-permission>
        <role-name>TestMessageBeanRole</role-name>
        <method>
          <ejb-name>TestMessageBeanHigh</ejb-name>
          <method-name>*</method-name>
        </method>
      </method-permission>


      When I do this, I get an authorization exception when the container tries to invoke onMessage(). So I configured all methods of the MDBs as <unchecked> in the <assembly-descriptor>; then the invocation works:


      <method-permission>
        <unchecked />
        <method>
          <ejb-name>TestMessageBeanHigh</ejb-name>
          <method-name>*</method-name>
        </method>
      </method-permission>

       

      The question now is whether there is a possibility to configure the role or principal which is used to invoke onMessage().


      I tried to configure a <run-as-principal> in the JBoss deployment descriptor, but this doesn't help:

       

      <s:security>
        <ejb-name>TestMessageBeanLow</ejb-name>
        <s:security-domain>other</s:security-domain>
        <s:run-as-principal>TestServerUser</s:run-as-principal>
      </s:security>

       

      The configuration of the user in application-roles.properties looks like this:

       

      TestServerUser=TestMessageBeanRole

       

      Hoping for an answer

       

      Thomas
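
An added example, not part of the original post and not WildFly code: a Python check that cross-reads the three files the post touches (ejb-jar.xml, the JBoss deployment descriptor, application-roles.properties) and reports beans left <unchecked> on every method, and run-as roles with no matching run-as principal. The input is constructed from the post's fragments; the finding names, the helper names and the namespace URI bound to the s: prefix are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed input modelled on the post's fragments; the namespace URI for s: is assumed.
MDB = ("<message-driven><ejb-name>{0}</ejb-name><security-identity><run-as>"
       "<role-name>TestMessageBeanRole</role-name></run-as></security-identity></message-driven>")
PERM = ("<method-permission>{1}<method><ejb-name>{0}</ejb-name>"
        "<method-name>*</method-name></method></method-permission>")
EJB_JAR = ("<ejb-jar><enterprise-beans>" + MDB.format("TestMessageBeanHigh")
           + MDB.format("TestMessageBeanLow") + "</enterprise-beans><assembly-descriptor>"
           + PERM.format("TestMessageBeanHigh", "<unchecked/>")
           + PERM.format("TestMessageBeanLow", "<role-name>TestMessageBeanRole</role-name>")
           + "</assembly-descriptor></ejb-jar>")
JBOSS_EJB3 = ("<jboss xmlns:s='urn:security:1.1'><assembly-descriptor><s:security>"
              "<ejb-name>TestMessageBeanLow</ejb-name><s:security-domain>other</s:security-domain>"
              "<s:run-as-principal>TestServerUser</s:run-as-principal>"
              "</s:security></assembly-descriptor></jboss>")
ROLES = "TestServerUser=TestMessageBeanRole\n"

def find_all(root, name):
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]  # ignore namespaces

def text_of(el, name):
    hits = find_all(el, name)
    return (hits[0].text or "").strip() if hits else None

def audit(ejb_jar=EJB_JAR, jboss_ejb3=JBOSS_EJB3, roles_props=ROLES):
    """Return (finding, ejb-name) pairs from cross-checking the three files."""
    roles = {}
    for line in roles_props.splitlines():
        user, sep, granted = line.partition("=")
        if sep and not user.lstrip().startswith("#"):
            roles[user.strip()] = {r.strip() for r in granted.split(",")}
    principals = {text_of(s, "ejb-name"): text_of(s, "run-as-principal")
                  for s in find_all(ET.fromstring(jboss_ejb3), "security")}
    root, findings = ET.fromstring(ejb_jar), []
    for perm in find_all(root, "method-permission"):
        if find_all(perm, "unchecked"):  # every listed method is open to any caller
            findings += [("unchecked-wildcard", text_of(m, "ejb-name"))
                         for m in find_all(perm, "method") if text_of(m, "method-name") == "*"]
    for mdb in find_all(root, "message-driven"):
        run_as = find_all(mdb, "run-as")
        if not run_as:
            continue
        name, role = text_of(mdb, "ejb-name"), text_of(run_as[0], "role-name")
        principal = principals.get(name)
        if principal is None:  # run-as role declared, no principal configured for this bean
            findings.append(("no-run-as-principal", name))
        elif role not in roles.get(principal, set()):
            findings.append(("principal-lacks-role", name))
    return findings
```
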