We need to run a servlet that is not secured in any way (public
service).
The servlet needs to access session bean X (local interface, same EAR)
that also is not secured but marked as @RunAs("User")
That session bean X needs to access another session bean (local
interface, same EAR) Y which IS secured by @RolesAllowed("User").
At runtime, when SB X calls SB Y, GlassFish says that we do not have
access rights to execute the business method of SB Y.
We do not understand that, because SB X is marked with @RunAs, so we
expect propagation of access rights of this role.
GF: v2ur1
JDK: 6
We have no idea why that is not working.
Any ideas how to solve that?
(server.log is attached so you can see the full stack trace)
Thanks!
Markus