[jboss-dev-forums] [Design of Security on JBoss] - Re: EJBSpecUnitTestCase and the MDB Run As related tests
anil.saldhana@jboss.com
do-not-reply at jboss.com
Fri Sep 5 14:51:34 EDT 2008
The issue with the MDB run as tests was that there was the
| <use-caller-identity/>
|
tag missing in the Level1CallerBean.
MDB->Level1CallerBean->Level2CallerBean->Level3CallerBean
If Level1CallerBean does not define an explicit run-as or use-caller-principal, the run-as defined by the MDB can never be propagated to Level2CallerBean. Level2CallerBean defines use-caller-identity.
Not sure how this worked in 4.x
In JBAS5, we have clear separation of run as and subject principals. More spec-like behavior.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4174705#4174705
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4174705
More information about the jboss-dev-forums
mailing list