Sun GlassFish Enterprise Server 2.1 Release Notes


A method in an enterprise bean whose run-as, or propagated, security identity is defined by using the @RunAs annotation attempts to invoke a method in another enterprise bean. If no run-as principal is defined in the sun-ejb-jar.xml deployment descriptor file, the attempt might fail with a javax.ejb.AccessLocalException exception.

javax.ejb.AccessLocalException: Client not authorized for this invocation.