The RMIAdaptor is not usable from within the server if you expect the security context to be maintained. Its purpose is for access from external clients where the security context cannot be leaked to the transport thread pool.
Use the MBeanServer directly.
Oh, thank you! It works!
But I have already written my own SecuredInvokerAdaptorService, which simple restores SecurityAssociation info instead of clear it.
Look at InvokerAdaptorService.java, line 266:
But I put the following lines there instead:
where storedPrincipal and storedCredential contains Principal and Credential which SecurityAssociation had before MBean invocation.
I am not sure it is correct. Can you answer me is it correct modification or have I broken something?
Your leaking the security context back to the calling thread. Its up to you to decide if this is broken behavior in your environment.