It means that getCallerPrincipal() will return null in case no user was
actually authenticated, even if a @RunAs annotation (or deployment descriptor
entry) is provided. The @RunAs principal is only used to gain authorization,
but will not be returned when calling getCallerPrincipal. While that sounds
unfeasible, it is what the spec wants and what a compliant EJB container will
do.
--
[Message sent by forum member 'mkarg']
View Post: http://forums.java.net/node/826153
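
A null-safe way for a callee bean to record who invoked it, following the behaviour described in the post above. This is an added example, not code from the original post; the bean name `AuditedReportBean`, the role name `batch`, the helper `auditName` and the `javax.*` (Java EE era) package names are assumptions.

```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// Hypothetical callee bean. It is assumed to be invoked by another bean that
// carries @RunAs("batch") and was itself triggered without an authenticated
// user (for example from a timer or a message-driven bean).
@Stateless
@DeclareRoles("batch")
public class AuditedReportBean {

    @Resource
    private SessionContext ctx;

    // Authorization is left to the container and is decided on the role,
    // which is what the @RunAs identity of the calling bean supplies.
    @RolesAllowed("batch")
    public String generate() {
        String actor = auditName(ctx.getCallerPrincipal(),
                                 ctx.isCallerInRole("batch"));
        return "report generated for " + actor;
    }

    // The principal is used for audit text only, never for the access
    // decision, and may be absent when nobody authenticated.
    static String auditName(Principal caller, boolean viaBatchRole) {
        if (caller != null && caller.getName() != null) {
            return caller.getName();
        }
        // No authenticated user: record how access was obtained instead of
        // dereferencing a null principal.
        return viaBatchRole
                ? "run-as:batch (no authenticated caller)"
                : "unauthenticated";
    }
}
```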