I am using JBoss 4.02, and I am in the process of enabling security authentication for all EJB methods.
I have got the various security domain stuff working, and I can now successfully authenticate a client connection (and successfully fail an incorrect client).
I am using various different roles on methods, assigned through the ejb-jar.xml descriptor file.
I'd like to be able to assign some roles to special users. It seems that the <security-role> part of the jboss.xml file is designed to do just this
(using the jboss.xml dtd here: http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd, approx line 1045).
However, this doesn't seem to be assigning the roles to the principal as expected. The comments seem to imply that this might only work when using run-as principal, not a normal principal. Is this correct?
Note that I am using a very similar mechanism for BEA WebLogic which works OK.