I may be way off, but it is worth a try to help. If you want your Message Driven bean to have a run-as identity when accessing your session bean, then you need to put the run-as element in your message bean configuration (in ejb-jar.xml). You have shown it in your session bean config. Because you did not assign the run-as role to your message driven bean, the run-as-principal (in jboss.xml) does not get set.
I made this change, puting run-as in message driven. It did not work.
I made the same test in Jboss 4.0.3 and also it did not work.
So, let me say a little observation...
The message driven is not authenticated. It's is a batch process that receive message from an external system.
thanks for help me.
Did you ever get that working? Do you know if <use-caller-identity> would be a possible solution to the problem? In my case, I'm consuming messages generated by my own application (not an external one).