@RunAs/@RunAsPrincipal are ignored for @Startup/@Singleton bean --------------------------------------------------------------- Key: AS7-6734 URL: https://issues.jboss.org/browse/AS7-6734 Project: Application Server 7 Issue Type: Bug Components: EJB Affects Versions: 7.1.3.Final (EAP) Reporter: Derek Horton The @RunAs/@RunAsPrincipal annotations get ignored when used on a singleton bean that is annotated with @Startup. This means the the singleton bean is not able to call protected EJBs. If the protected EJB is annotated with @PermitAll, then the singleton is able to invoke the method because the AuthorizationInterceptor create an "anonymous" user that is treated as authenticated. However, the @RunAsPrincipal is ignored as the getCallerPrincipal() returns anonymous instead of the @RunAsPrincipal. I dug around in the code and it looks like the @RunAs/@RunAsPrincipal annotations are getting handled correctly during deployment: Step completed: "thread=MSC service thread 1-3", org.jboss.as.ejb3.deployment.processors.merging.RunAsMergingProcessor.handleDeploymentDescriptor(), line=126 bci=249 MSC service thread 1-3[1] print componentConfiguration.getRunAs() componentConfiguration.getRunAs() = "JBossAdmin" MSC service thread 1-3[1] print componentConfiguration.getRunAsPrincipal() componentConfiguration.getRunAsPrincipal() = "fred" However, by the time the SecurityContextInterceptor is called, the runAs/runAsPrincipal settings are null.