Do you have any security declarations on the MDB? Or are you trying to use isCallerInRole or getPrincipal?
Neither of these things should be done; an MDB has no knowledge about the client as such, so it cannot have security based on the identity of the client.
(I guess there is some way to put security on topics/queues, only allowing certain clients to send messages, not sure how that is configured in JBoss though).
I've encountered the same problem, i.e. after setting the security-domain in the ejb-jar.xml, the MDB throws a security exception - complaining about "username=null".
Without setting the security-domain, the MDB is working fine.
In my case, I'm using a stateless session bean to invoke the MDB. The principal and credentials can be successfully accepted by the session bean, but not the MDB.
So, are there any additional steps in order to forward the principal and credentials to the MDB?
When JBossMQ wants to execute the onMessage MDB method, JBossMQ must have permission to execute it. The way I make it work is as follows:
1 - In the auth.conf file, inside the database-login block (before the ;) add the following line:
2 - In the MDB descriptor add:
3 - Add the user "message" with the "Message" role in your security framework.