I'm attempting to call methods on a secured EJB from an unauthenticated source (a Message Driven Bean hooked up to a queue). The MDB has an EJB injected into it via @EJB, which is fine, but the target EJB has @SecurityDomain("stuff") and @RequireRole("user"), and on execution generates huge stack traces around:

17:14:03,275 ERROR [STDERR] java.lang.NullPointerException
17:14:03,276 ERROR [STDERR]  at org.jboss.ejb3.security.helpers.EJBContextHelper.getCallerPrincipal(EJBContextHelper.java:99)
17:14:03,276 ERROR [STDERR]  at org.jboss.ejb3.EJBContextImpl.getCallerPrincipal(EJBContextImpl.java:136)

I have tried to fix this by providing the role through an interim EJB annotated with @SecurityDomain("stuff") @RunAs("sysuser"); this interim bean has the original target EJB injected into it. My understanding is that the target EJB would have methods invoked from the interim bean under the role of "sysuser". Yet I still get the same stack traces, resulting in a database rollback of the create.

Is the path MDB -> SecureEJB possible in some variation or other without these stack traces? Is the proxy approach on the right path for success, or is there something I need to add into the mix?

Cheers, Andy

+1  A: 

Found as https://jira.jboss.org/jira/browse/EJBTHREE-1962, there is a fix.