This exception happens when HornetQ checks if a MDB has the right to create a JMS Consumer.
Just before the exception occurs, I have a warning:
16:58:23,202 WARN [org.jboss.ejb.EjbModule] EJB configured to bypass security. Please verify if this is intended. Bean=MDB_QUEUETXNS_CMT Deployment=vfs:///Users/jmesnil/Desktop/as/trunk/build/target/jboss-6.0.0-SNAPSHOT/server/cts/tmp/jsr88/mdb_msg.ear/mdb_msg_ejb.jar/
and the MDB has the following configuration:
Is it valid to call JaasSecurityManager.doesUserHaveRole when the EJB bypasses security. And if it is not, how can I check it from the RealMapping or the AuthenticationManager?