Hi!
I got a problem with MDB security.
I wanna call a session bean from onMessage and that session bean is secured.
So I placed <run-as> onto my MDB and in jboss.xml I configured it for using the same JASS realm as the session bean.
All I get is Bad password for username=null.
I've searched through the JBoss forums and docs and found the tip that says to put unauthenticatedIdentity in my login-config.xml.
But why should I use such an ugly thing? Why should I rely upon unauthenticatedIdentity?
Is this a feature I dont't understand?
I'd better like to have MDB configured with some concrete user.
And I did so by using <mdb-user> but it didn't help.
And what about <run-as> feature in Session and Entity beans?
Please help me, I guess it's not only me who hungers for more clean understanding of all this.
Alexander