I'm using JBoss 3 RC 3, and have JAAS enabled, i.e. included <security-domain /> in jboss.xml, and my MDB has

@ejb:security-identity run-as="Administrator" (xdoclet)

What should I do to pass the security code, i.e. bypass the below error:

04:35:36,654 INFO [STDOUT] 824693 [Thread Pool Worker-0] ERROR org.jboss.ejb.plugins.jms.JMSContainerInvoker - Exception in JMSCI message listener
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: No method permissions assigned to method=onMessage
java.lang.SecurityException: No method permissions assigned to method=onMessage
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:184)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:166)
at org.jboss.ejb.MessageDrivenContainer.invoke(MessageDrivenContainer.java:302)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker.invoke(JMSContainerInvoker.java:625)
at org.jboss.ejb.plugins.jms.JMSContainerInvoker$MessageListenerImpl.onMessage(JMSContainerInvoker.java:973)
at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:234)
at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMessageConsumer.java:560)
at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:377)
at org.jboss.mq.SpySession.run(SpySession.java:220)
at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:173)
at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:655)
at java.lang.Thread.run(Thread.java:484)

Thanks