Details
-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
-
-
Compatibility/Configuration
-
Workaround Exists
-
Description
Test case attached. Please open as an Eclispe JBoss Tools project. It creates a Quartz-based MDB that tries to call various other beans (Session, Service and Singleton) that are secured with @RolesAllowed. To allow this, it uses @RunAs.
To observe the behaviour:
1. Deploy the app. Notice that the MDB (which triggers every minute) can successfully run the secured methods from the Session bean and the Service bean, but NOT the Singleton bean. The @RunAs credentials are not being passed to the @Singleton bean
2. Uncomment the lines indicated in the code (in RunAsTestMDB.java and jboss.xml). This sets a null security-domain on the Singleton bean, allowing it to be invoked. However immediately afterwards the MDB's @RunAs credentials are lost and it can no longer call the Session bean