I have a Java EE web application that is secured with JASPIC and @RolesAllowed annotations on my EJBs. I use a managed executor service to run a number of tasks.
However, the tasks are not run as any user so I get permission denied errors while attempting to access my EJBs. I've tried using the @RunAs annotation, but that doesn't seem to work.
How can I programmatically authenticate?
I have an abstract class
public abstract class AbstractTask implements Runnable...
and a concrete class, I then submit the task to the managed executor service
mes_.submit(task);
I've tried putting @RunAs on both classes, but neither works.
There is unfortunately no facility in Java EE to programmatically login outside of a web context.
JASPIC should have provided that, but it was somehow forgotten or the powers that be had other things on their mind. The JASPIC spec document mentions somewhere at the end that they would look into it later, but it just never happened.
@RunAs is a bit limited, but nevertheless should work in general for this case. You may need to provide some code, and WildFly may demand some custom configuration for this.
Are your @RolesAllowed annotated EJB methods only called from the managed executor service? In WildFly 8 @RolesAllowed is broken when an EJB is called from a Servlet, but that should be fixed in WildFly 9.
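A sketch of the @RunAs approach discussed above, added here as an illustration and not code from the question or the answer: the container honours @RunAs on components such as EJBs, not on a plain Runnable, so the task delegates to a small gateway bean that carries the annotation. The class names (ProtectedService, BatchGateway, ImportTask, TaskSubmitter) and the role "batch" are hypothetical, and the server may still need its own security-domain configuration, as the answer notes.

```java
// Added example; every class name and the role "batch" are hypothetical.
// Each section is its own source file and needs the matching imports from:
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.enterprise.concurrent.ManagedExecutorService;

// --- ProtectedService.java: the EJB the tasks could not reach ---
@Stateless
public class ProtectedService {
    @RolesAllowed("batch")
    public void process(String item) { /* privileged work */ }
}

// --- BatchGateway.java: no-interface (local-only) bean carrying the run-as role ---
@Stateless
@RunAs("batch")   // identity applied to the calls this bean makes to other EJBs
public class BatchGateway {
    @EJB private ProtectedService service;

    @PermitAll    // the executor thread arrives without a caller identity
    public void process(String item) {
        // Keep this method narrow: any code that can call it acts as "batch".
        service.process(item);
    }
}

// --- ImportTask.java: plain Runnable; @RunAs here would have no effect ---
public class ImportTask implements Runnable {
    private final BatchGateway gateway;
    private final String item;

    public ImportTask(BatchGateway gateway, String item) {
        this.gateway = gateway;
        this.item = item;
    }

    @Override
    public void run() { gateway.process(item); }
}

// --- TaskSubmitter.java: hands the injected gateway proxy to the task ---
@Stateless
public class TaskSubmitter {
    @Resource private ManagedExecutorService mes_;
    @EJB private BatchGateway gateway;

    public void submit(String item) { mes_.submit(new ImportTask(gateway, item)); }
}
```

Because the gateway's method is open to unauthenticated callers, it should expose only the specific operations the background tasks need rather than a general pass-through to the protected bean.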