4.0.x extended the notion of run-as to support an explicit principal to use as the run-as principal. If its not specified it defaults to anonymous. If you want nobody to show up as the run-as principal name then you would add a security-identity element to the jboss.xml:
| ... | <session> | <ejb-name>SomeSession</ejb-name> | ... | <security-identity> | <run-as-principal>nobody</run-as-principal> | </security-identity> | ... | It looks like we did not add support for this to the jboss-web.xml descriptor that that is a bug. A run-as principal in 4.0.x can also have more than one role rather than just the run-as value by using a security-role element in the jboss.xml/jboss-web.xml descriptor: | ... | <assembly-descriptor> | <security-role> | <role-name>ProjectAdmin</role-name> | <principal-name>RunAsWithRolesMDBPrincipal</principal-name> | </security-role> | <security-role> | <role-name>CreateFolder</role-name> | <principal-name>RunAsWithRolesMDBPrincipal</principal-name> | </security-role> | <security-role> | <role-name>DeleteFolder</role-name> | <principal-name>RunAsWithRolesMDBPrincipal</principal-name> | </security-role> | </assembly-descriptor> | These are assigned in addition to the run-as value from the ejb-jar.xml/web.xml descriptor. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3862669#3862669 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3862669 ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
