Thanks a lot for your answer!
Do you have implemented a secured EJB? And did you use the Glassfish programmatic login to access secured remote methods?
As my EJB is secured I come to the conclusion that I need to run Liferay on top of Glassfish to get secured access with the portlet users principal.
[Message sent by forum member 'rsoika']
http://forums.java.net/jive/thread.jspa?messageID=479137