19 Replies Latest reply on Sep 11, 2008 12:29 AM by eefahs
      • 15. Re: JAAS Authentication from stand alone client
        ragavgomatam

         

        So after both these calls, server itself will create a jms message for audit and it will put in a queue and an MDB will pick the message and for processing this message MDB will try to call the secured EJB


        JMS/MDB is asynchronous....JMS/MDB systems are meant for distributed enterprise messaging and they are asynchronous. You are mis-using messaging for auditing...
        So there is your problem: Asynchronous nature of JMS/MDB.......Correct your flow...Also why use JMS/MDB for auditing ? Seems odd...Can you use
        a simple POJO ? Maybe you can have your flow as follows :-

        Java Client logs in --> calls jaas module --> calls secured ejb --> calls unsecured ejb --> calls a jms client --> break here, call POJO for auditing & return to client




        • 16. Re: JAAS Authentication from stand alone client
          eefahs

          Hi Ragav,

          modifying our flow is not at all an option, we have our own reason for making audit an asynchronous process... I think nobody will like to have an impact on their SLA by using synchronous audit/log process.

          So again, modifying our flow, is not at all a choice....

          So what you are saying is that from an MDB, we can't access a secured EJB?

          • 17. Re: JAAS Authentication from stand alone client
            ragavgomatam

             

            So what you are saying is that from an MDB, we can't access a secured EJB


            Bottom line is that to access your secured ejb, you need to do a jaas login.
            My hunch is that as a part of your login process, calls a jms client, which sends a message, which an MDB receives asynchronously, then tries to access the secured ejb...Since it is asynchronous, it has to re-login to access the secured ejb. This seems convoluted.

            • 18. Re: JAAS Authentication from stand alone client
              jaikiran

               

              "eefahs" wrote:


              So what you are saying is that from an MDB, we can't access a secured EJB?



              See this http://wiki.jboss.org/wiki/SecurityExceptionWhenAccessingSecuredEJBFromAnMDB.

              Also look at the ejb-jar.xml dtd which allows a "run-as" http://java.sun.com/dtd/ejb-jar_2_0.dtd. You can use that on the MDB definition in the ejb-jar.xml and specify the role name which has access to the secured EJB.
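
The "run-as" declaration suggested above, as an added example that is not part of the original thread or of the poster's application. The bean names, class names and the role name `AuditWriter` are hypothetical; the element layout follows the EJB 2.0 DTD linked in the post.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC
  "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
  "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
  <enterprise-beans>
    <!-- Hypothetical secured session bean that the MDB calls -->
    <session>
      <ejb-name>SecuredAuditBean</ejb-name>
      <home>com.example.audit.SecuredAuditHome</home>
      <remote>com.example.audit.SecuredAudit</remote>
      <ejb-class>com.example.audit.SecuredAuditBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
    <!-- Hypothetical audit MDB. onMessage() has no caller identity,
         so the container is told which role its outgoing EJB calls
         run under. -->
    <message-driven>
      <ejb-name>AuditMDB</ejb-name>
      <ejb-class>com.example.audit.AuditMDB</ejb-class>
      <transaction-type>Container</transaction-type>
      <message-driven-destination>
        <destination-type>javax.jms.Queue</destination-type>
      </message-driven-destination>
      <security-identity>
        <run-as>
          <role-name>AuditWriter</role-name>
        </run-as>
      </security-identity>
    </message-driven>
  </enterprise-beans>
  <assembly-descriptor>
    <!-- Dedicated role, granted only the audit method it needs -->
    <security-role>
      <role-name>AuditWriter</role-name>
    </security-role>
    <method-permission>
      <role-name>AuditWriter</role-name>
      <method>
        <ejb-name>SecuredAuditBean</ejb-name>
        <method-name>writeAudit</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
```

Every message the MDB consumes is processed under the run-as role regardless of who produced it, so keep that role limited to the methods the MDB actually calls and restrict who may send to the queue.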


              • 19. Re: JAAS Authentication from stand alone client
                eefahs

                 

                Also look at the ejb-jar.xml dtd which allows a "run-as" http://java.sun.com/dtd/ejb-jar_2_0.dtd. You can use that on the MDB definition in the ejb-jar.xml and specify the role name which has access to the secured EJB.


                Yes, that did it. Thanks Jai Kiran.

                Solved my problem.. Thanks to your patience Ragav and you guided me till the end...

                Thanks to all






