1 Reply Latest reply on Nov 20, 2011 6:40 AM by henk53

isCallerInRole doesn't work with @RunAs

henk53 Nov 20, 2011 6:04 AM

I'm using JBoss AS 6.10, and have the following bean:

@Stateless
@DeclareRoles({"MANAGEMENT"})
@SecurityDomain("MyDomain")
@RunAs("MANAGEMENT")
public class BlaBean {

    @Resource
    private SessionContext sessionContext;
  
    public void bla() {
        boolean test = sessionContext.isCallerInRole("MANAGEMENT");
    }
  
}

If I call bla() from an @Startup, @Singleton bean, the call results in an exception:

@Startup
@Singleton
public class TestSingleton {

    @EJB
    private BlaBean blaBean;
    
    @PostConstruct
    public void {
        blaBean.bla();
    }
}

Caused by: java.lang.NullPointerException
    at org.jboss.ejb3.security.helpers.EJBContextHelper.isCallerInRole(EJBContextHelper.java:134)
    at org.jboss.ejb3.EJBContextImpl.isCallerInRole(EJBContextImpl.java:164)
    at example.com.BlaBean.bla(BlaBean.java:19)

If a call bla() from a servlet or filter, there is no exception but isCallerInRole() returns false:

@WebFilter(filterName="testFilter", urlPatterns="/*")
public class testFilter extends HttpFilter {

    @EJB
    private BlaBean blaBean;

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, HttpSession session, FilterChain chain) throws ServletException, IOException {
        blaBean.bla();
    }
}

I tried removing the @SecurityDomain, adding the @RunAS to the singleton, using the @RunAsIdentity in addition to @RunAs, checking that the @SecurityDomain is the 'good' one (org.jboss.ejb3.annotation.SecurityDomain), etc. Nothing seems to work.

Any help would be greatly appreciated.

1. Re: isCallerInRole doesn't work with @RunAs

henk53 Nov 20, 2011 6:40 AM (in response to henk53)

As an extra test, I added a third bean with an @RolesAllowed method:

@Stateless
@DeclareRoles({"MANAGEMENT"})
public class FooBean {

    @RolesAllowed({"MANAGEMENT"})
    public void test() {
        
    }    
}

Injecting this in BlaBean and calling the test() method results in the following excepting when the call chain starts in the @Singleton bean:

SEVERE [TestSingleton] : java.lang.IllegalStateException: Local Call: Security Context is null
          at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:109) [:1.7.21]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) [:1.7.21]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) [:1.7.21]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.21]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86) [:1.7.21]
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:333) [:1.7.21]
          at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:158) [:1.7.21]
          at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invokeEndpoint(NoInterfaceViewInvocationHandler.java:143) [:6.1.0.Final]
          at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.access$000(NoInterfaceViewInvocationHandler.java:54) [:6.1.0.Final]
          at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler$1.invoke(NoInterfaceViewInvocationHandler.java:103) [:6.1.0.Final]
          at org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler$1.proceed(InterceptorInvocationHandler.java:84) [:1.0.0-alpha-1]
          at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:82) [:1.0.0-alpha-1]
          at org.jboss.ejb3.nointerface.impl.async.AsyncClientInterceptor.invoke(AsyncClientInterceptor.java:119) [:6.1.0.Final]
          at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74) [:1.0.0-alpha-1]
          at org.jboss.ejb3.nointerface.impl.invocationhandler.ObjectMethodsInterceptor.invoke(ObjectMethodsInterceptor.java:78) [:6.1.0.Final]
          at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74) [:1.0.0-alpha-1]
          at org.jboss.ejb3.sis.InterceptorAssembly.invoke(InterceptorAssembly.java:90) [:1.0.0-alpha-1]
          at org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler.invoke(InterceptorInvocationHandler.java:110) [:1.0.0-alpha-1]
          at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invoke(NoInterfaceViewInvocationHandler.java:115) [:6.1.0.Final]
          at org.jboss.ejb3.proxy.javassist.JavassistInvocationHandlerAdapter.invoke(JavassistInvocationHandlerAdapter.java:71) [:1.0.0]
          at example.com.BlaBean_$$_javassist_5.bla(BlaBean_$$_javassist_5.java) [:]
          at example.com.TestSingleton.doTest(StopMerchantTimerRestorer.java:40) [:]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
          at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
          at org.jboss.ejb3.interceptors.aop.LifecycleCallbackBeanMethodInterceptor.invoke(LifecycleCallbackBeanMethodInterceptor.java:69) [:1.1.3]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56) [:1.7.21]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) [:1.0.4]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.singleton.aop.impl.ConstructionInvocationContextAdapter.proceed(ConstructionInvocationContextAdapter.java:106) [:1.0.2]
          at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:247) [:0.0.2]
          at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:392) [:0.0.2]
          at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invoke(CMTTxInterceptor.java:211) [:0.0.2]
          at org.jboss.ejb3.tx2.aop.CMTTxInterceptorWrapper.invoke(CMTTxInterceptorWrapper.java:52) [:0.0.2]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) [:1.0.0.GA]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.21]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:90) [:1.1.3]
          at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_643991267.invoke(InvocationContextInterceptor_z_setup_643991267.java) [:]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1]
          at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA]
          at org.jboss.ejb3.singleton.aop.impl.AOPBasedSingletonContainer.invokeCallback(AOPBasedSingletonContainer.java:1061) [:1.0.2]
          at org.jboss.ejb3.EJBContainer.invokePostConstruct(EJBContainer.java:1396) [:1.7.21]
          at org.jboss.ejb3.singleton.aop.impl.AOPBasedSingletonContainer.postConstruct(AOPBasedSingletonContainer.java:762) [:1.0.2]
          at org.jboss.ejb3.singleton.impl.container.SingletonEJBInstanceManagerImpl.create(SingletonEJBInstanceManagerImpl.java:133) [:1.0.2]
          at org.jboss.ejb3.singleton.impl.container.SingletonEJBInstanceManagerImpl.get(SingletonEJBInstanceManagerImpl.java:152) [:1.0.2]
          at org.jboss.ejb3.singleton.deployer.StartupSingletonInitiator.start(StartupSingletonInitiator.java:84) [:1.0.2]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
          at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
          at org.jboss.reflect.plugins.introspection.ReflectionUtils.invoke(ReflectionUtils.java:60) [jboss-reflect.jar:2.2.1.SP1]
          at org.jboss.reflect.plugins.introspection.ReflectMethodInfoImpl.invoke(ReflectMethodInfoImpl.java:168) [jboss-reflect.jar:2.2.1.SP1]
          at org.jboss.joinpoint.plugins.BasicMethodJoinPoint.dispatch(BasicMethodJoinPoint.java:66) [jboss-reflect.jar:2.2.1.SP1]
          at org.jboss.kernel.plugins.dependency.KernelControllerContextAction$JoinpointDispatchWrapper.execute(KernelControllerContextAction.java:257) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.ExecutionWrapper.execute(ExecutionWrapper.java:47) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchExecutionWrapper(KernelControllerContextAction.java:125) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchJoinPoint(KernelControllerContextAction.java:72) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.LifecycleAction.installActionInternal(LifecycleAction.java:202) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:54) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:42) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:379) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2044) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1083) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1322) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1246) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1139) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:939) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:654) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.system.ServiceController.doChange(ServiceController.java:671) [:6.1.0.Final (Build SVNTag:JBoss_6.1.0.Final date: 20110816)]
          at org.jboss.system.ServiceController.start(ServiceController.java:443) [:6.1.0.Final (Build SVNTag:JBoss_6.1.0.Final date: 20110816)]
          at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:189) [:6.1.0.Final]
          at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:102) [:6.1.0.Final]
          at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:49) [:6.1.0.Final]
          at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:63) [:2.2.2.GA]
          at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1832) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1550) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1571) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1603) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1491) [:2.2.2.GA]
          at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:379) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2044) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1083) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1322) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1246) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1139) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:939) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:654) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.change(DeployersImpl.java:1983) [:2.2.2.GA]
          at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:1076) [:2.2.2.GA]
          at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:679) [:2.2.2.GA]
          at org.jboss.system.server.profileservice.deployers.MainDeployerPlugin.process(MainDeployerPlugin.java:106) [:6.1.0.Final]
          at org.jboss.profileservice.dependency.ProfileControllerContext$DelegateDeployer.process(ProfileControllerContext.java:143) [:0.2.2]
          at org.jboss.profileservice.dependency.ProfileDeployAction.deploy(ProfileDeployAction.java:151) [:0.2.2]
          at org.jboss.profileservice.dependency.ProfileDeployAction.installActionInternal(ProfileDeployAction.java:94) [:0.2.2]
          at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:54) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:42) [jboss-kernel.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:379) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:2044) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:1083) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.executeOrIncrementStateDirectly(AbstractController.java:1322) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1246) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1139) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:939) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:654) [jboss-dependency.jar:2.2.0.SP2]
          at org.jboss.profileservice.dependency.ProfileActivationWrapper$BasicProfileActivation.start(ProfileActivationWrapper.java:190) [:0.2.2]
          at org.jboss.profileservice.dependency.ProfileActivationWrapper.start(ProfileActivationWrapper.java:87) [:0.2.2]
          at org.jboss.profileservice.dependency.ProfileActivationService.activateProfile(ProfileActivationService.java:215) [:0.2.2]
          at org.jboss.profileservice.dependency.ProfileActivationService.activate(ProfileActivationService.java:159) [:0.2.2]
          at org.jboss.profileservice.AbstractProfileService.activateProfile(AbstractProfileService.java:154) [:0.2.2]
          at org.jboss.system.tools.ProfileServiceToolsFacade.addURI(ProfileServiceToolsFacade.java:233) [:6.1.0.Final]
          at org.jboss.system.tools.LegacyDeploymentScannerAdapter.addURL(LegacyDeploymentScannerAdapter.java:140) [:6.1.0.Final]
          at org.jboss.system.tools.DeploymentScanner.addURL(DeploymentScanner.java:91) [:6.1.0.Final]
          at org.jboss.system.tools.DeploymentScanner.addURL(DeploymentScanner.java:83) [:6.1.0.Final]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
          at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
          at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157) [:6.0.0.GA]
          at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96) [:6.0.0.GA]
          at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) [:6.0.0.GA]
          at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:271) [:6.0.0.GA]
          at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:670) [:6.0.0.GA]
          at org.jboss.system.server.jmx.MBeanServerWrapper.invoke(MBeanServerWrapper.java:138) [:6.1.0.Final]
          at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1427) [:1.6.0_20]
          at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72) [:1.6.0_20]
          at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1265) [:1.6.0_20]
          at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1360) [:1.6.0_20]
          at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788) [:1.6.0_20]
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20]
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20]
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20]
          at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20]
          at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305) [:1.6.0_20]
          at sun.rmi.transport.Transport$1.run(Transport.java:159) [:1.6.0_20]
          at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_20]
          at sun.rmi.transport.Transport.serviceCall(Transport.java:155) [:1.6.0_20]
          at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535) [:1.6.0_20]
          at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790) [:1.6.0_20]
          at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649) [:1.6.0_20]
          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_20]
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_20]
          at java.lang.Thread.run(Thread.java:637) [:1.6.0_20]

If I start the same call from the Filter again, there is no exception, but @RolesAllowed is simply ignored. It doesn't matter what I put in @RolesAllowed, the call is always allowed.

Note that the filter is called for the first request after JBoss AS has started and no authentication has been done at that point (the request is also not for a protected resource).