I set security permissions in my EJB's methods. In a standard client, I apply the JAAS rules using the LoginModule and CallbackHandler.
Now, I must extend the invocation of my EJB methods from a JMX but I don't know where does the java.login.config fits in the new context, or how can I apply the the "runAs" as I could do from other EJB to access Secured EJB.
BTW, if I have a group of EAR with users.properties and roles.properties in each one some EJBs invoke another EJBs in another EARs, how can I assure the interoperability between them? Should I create the same users and the same roles in each EAR? Can't I share the properties database?