[keycloak-user] Permission issue in calling EJB from MDB

valsaraj pv valsarajpv at gmail.com
Fri Jun 1 07:47:40 EDT 2018


Hi,

We have recently switched from JAAS to Keycloak. The application is a Java EE
application with EJBs & MDBs.
We set the Keycloak login module in WildFly to propagate the user from web to
EJB & it worked.
But we are facing an issue when an EJB is called from an MDB. There is an
anonymous user in the MDB when a message is received, so that user doesn't
have permission to invoke the EJB protected by:

> <s:security>
>   <ejb-name>*</ejb-name>
>   <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
>   <s:security-domain>keycloak</s:security-domain>
> </s:security>


In the JAAS version, we have a programmatic login using a dedicated MDB user:

    // Log in against the "ldap" JAAS configuration as the dedicated MDB user.
    loginContext = new LoginContext("ldap", new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) {
            // Answer the login module's name and password prompts.
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    NameCallback ncb = (NameCallback) cb;
                    ncb.setName(mdbuserName);
                } else if (cb instanceof PasswordCallback) {
                    PasswordCallback pcb = (PasswordCallback) cb;
                    pcb.setPassword(mdbUsrPass);
                }
            }
        }
    });
    loginContext.login();

This has a user with the required permission. Since we have now moved to
Keycloak, this code will not work. What is the option to prevent the
permission issue when calling an EJB from an MDB?



Thanks!

