[jboss-jira] [JBoss JIRA] Created: (JBAS-6543) @RunAs no longer works on @Service beans

@RunAs no longer works on @Service beans ---------------------------------------- Key: JBAS-6543 URL: https://jira.jboss.org/jira/browse/JBAS-6543 Project: JBoss Application Server Issue Type: Bug Security Level: Public (Everyone can see) Components: EJB3 Affects Versions: JBossAS-5.0.1.GA Reporter: Jeff Schnitzer Assignee: Carlo de Wolf The behavior of security domains on @Service beans has changed from 4.2 to 5.0.1. @RunAs no longer works. This seems to make it impossible for a @Service to call a secured bean. Take two @Services, one ClientService and one ServerService. Here's the ServerService, note that it requires the "admin" role: @Service(objectName="test:service=Server") @SecurityDomain("foo") @RolesAllowed("admin") public class ServerService implements ServerManagement, Server { public void serve() {...} } The client tries to call the server: @Service(objectName="test:service=Client") @SecurityDomain("foo") @RunAs("admin") public class ClientService implements ClientManagement { @EJB Server server; public void start() { server.serve(); } } This generates exceptions "No security context set". Alternatively, if the Server is a stateless session ejb, the exception is "Caller unauthorized". This same code works in 4.2. If it will help I can attach a simple test project but since the error occurs on deployment (service start), I don't know how to create a unit test. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira