0 Replies Latest reply on Aug 12, 2003 4:00 AM by uuu

    MDB security again

    uuu Newbie

      I got a problem with MDB security.
      I wanna call a session bean from onMessage and that session bean is secured.
      So I placed <run-as> onto my MDB and in jboss.xml I configured it for using the same JASS realm as the session bean.
      All I get is Bad password for username=null.
      I've searched through the JBoss forums and docs and found the tip that says to put unauthenticatedIdentity in my login-config.xml.
      But why should I use such an ugly thing? Why should I rely upon unauthenticatedIdentity?
      Is this a feature I dont't understand?
      I'd better like to have MDB configured with some concrete user.
      And I did so by using <mdb-user> but it didn't help.
      And what about <run-as> feature in Session and Entity beans?
      Please help me, I guess it's not only me who hungers for more clean understanding of all this.