This content has been marked as final. Show 2 replies
Unfortunately, if I secure my EJBs, then the servlet cannot access them, as it runs under a null user principal. Run-as role doesn't help that.
Are you sure? From reading the servlet spec just now, run-as seems to be exactly what you need. Do you have the role specified properly in the web.xml? Are you sure your principal is null in the EJB? And are you sure you have specified that that role can use that EJB?