I have a message driven bean that creates a stateless session bean in its ejbCreate and tries to remove it in its ejbRemove method. Access to the stateless session bean is granted for user "Admin", the MDB has run-as "Admin".
Usually everything works fine. When I close down JBoss, however, there is an exception in the ejbRemove of the MDB saying that it does not have the priviledges to remove the session bean (this is right, because it reports the current principal being "null" and the required principal being "Admin").
What principal is used by JBoss when it calls ejbRemove? Shouldn't it also be the run-as principal used in "onMessage" and "ejbCreate"? Is this a bug?
ejbRemove for an MDB is invoked by the server, it does not
have an associated security context.
You will have to establish one with a jaas login using
the client-login context for example.
ejbRemove on a StatelessSessionBean is fruitless. The
container will ignore it.