The same as any client trying to access a secured ejb. Do a jaas login to set the caller identity.
Sorry for my inaccurate problem description. My problem isn't to write a client authentication. You can find a lot of examples for this topic. I'm very interessed in the point to make a client authentication without storing any informations of it together with the other authentication data in the database. The "real" user authentication data shouldn't be soiled by the one of the bootstrap. In the case the database doesn't contain any data (first installation i.e.) the deployment bootstrap *requires* a database aware authentication.
That still does not describe what you are trying to do adequately. It sounds like a chicken or the egg problem where you want to access a secured ejb before the security database is setup.
Yes indeed, it sounds like the chicken and egg problem. But the fowl problem isn't unsolvable: First, there was a chicken like creature that lays the egg. Not a really surprising answer thinking about evolution, or? Let's go a step ahead: If the chicken and egg problem is solvable, why should the deployment bootstrap problem not be solvable? Ok, this line of argument may assailable.
But seriously, why do you secure your server-app? In my opinion you secure it against clients. Is the deployment of your server-app a server or a client operation? I would answer: "A server-sided operation". Furthermore, if I write the bootstrap and deploy it together with the server-application, shouldn't the container trust the code of the bootstrap if I do?
Second thought: One very important feature of j2ee is the abstraction layer accessing databases. By this, you can really write a server application sql-aware and independent from database vendors. But why must I use a sql script and care about the differences between vendors when I initialize the database? Why can't I use consequently use the abstraction layer even when I initialize the database? Would you like buy a Porsche 911 without keys (if you had the money to buy one)? Would you really like to short-circuit you own 911? I don't! I would ask for the keys!
Finally found a solution:
1.) Switch to sequential deployment in the deployment descriptor.
2.) Define an archive with local scoped ejbs inside the ear. It should even contains the o/r mapping.
3.) Define an archive with mbeans. The mbeans do the bootstrapping.
4.) Define an archive for remote scoped ejbs.
5.) Ensure the order of these archives equal to this enumation in the deployment descriptor.
Define dependencies and barriers correctly or the deployment order will change!