2 Replies Latest reply on Aug 7, 2003 8:17 PM by zumbiehl

    MDB Security

    zumbiehl Newbie


      Could you please help me with a configuration problem with my MDB.

      I am running an MDB with a Container configuration linked to a security domain.

      when the MDB creates a Session Bean , I systematically get a security exception (Principal = null) even if I run the MDB with appropriate role in
      <run-as> in ejb-jar.

      My MDB and session beans use the same security domain.

      If I remove the container configuration in the session bean, every thing works fine.

      Is there a way to allow secured MDB invoking secured session beans ? or MDB can only invoke unsecured session beans ..

      Thanks for your help

        • 1. Re: MDB Security
          Alex Li Newbie

          I was facing the exact same problem, after searching this forum and some testing, looks like you should not (or can not) protect your MDB at all.

          So, now I deploy MDB in its own jar without security domain, deploy other EJBs protected. In the onMessage() method of MDB, use LoginContext and Subject.doAs() to access secure EJBs. Think about it again, maybe there is no reason to protect MDB at all, it will always be called from internal.

          • 2. Re: MDB Security
            zumbiehl Newbie

            Just fyi
            I fixed the problem using the option
            <module-option name="unauthenticatedIdentity">
            in jboss-login-config.xml