Greg Jewell wrote:
The InvokerBean is looked up by a non-bean using the InitialContext.lookup methodology. InvokerBean is annotated with @RunAs("AUTHENTICATED_USER") and @SecurityDomain("SAMPLE"). The bean that's being invoked is acquired via injection on the InvokerBean, and is annotated at the class level with @SecurityDomain("SAMPLE") and at the method level with @RolesAllowed("AUTHENITCATED_USER").
Can anybody confirm this, or do I need to do something additional with WF9?
What you have there should be good enough. I don't see anything obviously wrong or missing. Can you add the exact exception stacktrace and the bean code? Perhaps attach a reproducible application too.
I'm sorry -- I was given incorrect information. This was an area of the code that I don't have the ability to test because it deals with an external system that I don't have access to. The code did not work on WF9 CR2, either.
The exception wasn't being thrown when the InvokerBean with the @RunAs annotation was trying to invoke another gated EJB, but when the POJO was trying to call a method on the InvokerBean. Since InvokerBean was also annotated with @SecurityDomain, it needed to be invoked by a valid user. In AS7, the default access was @PermitAll if something wasn't explicitly labeled with permissions. In WF8, the default changed to @DenyAll. I made the appropriate code changes, and things started working again.
Sorry about the false alarm -- I should have checked into this more closely.
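
An added illustration of the annotation layout discussed in this thread, not code from either poster. The thread does not show the actual change, so the @PermitAll placement is one assumed way to do it; GatedBean, PojoCaller, the method names and the JNDI name are hypothetical, and the role name follows the @RunAs value quoted above.

```java
// Imports are shown once; each public class goes in its own source file.
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import org.jboss.ejb3.annotation.SecurityDomain;

// GatedBean.java (hypothetical name): only callers in the role may invoke process().
@Stateless
@SecurityDomain("SAMPLE")
public class GatedBean {
    @RolesAllowed("AUTHENTICATED_USER")
    public String process(String input) {
        return "processed:" + input;
    }
}

// InvokerBean.java: entry point for the unauthenticated POJO.
@Stateless
@SecurityDomain("SAMPLE")
@RunAs("AUTHENTICATED_USER")   // identity used for calls made *from* this bean
public class InvokerBean {
    @EJB
    private GatedBean gated;

    // @RunAs does not authorize the incoming call. With no explicit
    // permission, a bean in a security domain is denied to the POJO,
    // so the entry method is opened explicitly (assumed fix).
    @PermitAll
    public String invoke(String input) {
        return gated.process(input);   // runs as AUTHENTICATED_USER
    }
}

// PojoCaller.java (hypothetical): plain class, no security context of its own.
public class PojoCaller {
    public String call(String input) throws NamingException {
        // Hypothetical JNDI name; use the one the server logs at deployment.
        InvokerBean invoker = (InvokerBean) new InitialContext()
                .lookup("java:global/sample-app/InvokerBean");
        return invoker.invoke(input);
    }
}
```

With @PermitAll on invoke(), any caller that can reach InvokerBean executes process() under the run-as role, so the annotation belongs on the narrowest method that needs it rather than on the whole class.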