I've been digging into JAAS & JBossSX for a while and didn't find anything that helps to solve my problem.
Maybe somebody can give me a pointer...
This is the call-stack : Application-client --> SessionBeanA --> SessionBeanB
The behaviour I want is the following :
1) The application client should be able to call session bean A without providing security information.
2) All calls that session bean A makes should be authenticated with a fixed username.
3) In session bean B the context.getCallerPrinciple().getName() should give this fixed username.
I want something like the run-as configuration in the ejb-jar. The only trouble is that the run-as configuration explicitly mentions that it will not affect the context.getCallerPrinciple().
Any pointer will be appreciated.
tom ATNOSPAM jbpm.org
...wow a month...
Just in case you don't have an answer, you could 'hard-code' you principal in the unauthenticatedIdentity entry in your Login-Config.xml...