I've checked the changelog for 2.2.2 - 2.4.1 but I can't seem to find anything pertinent to this problem.

Deploying an EAR that I developed using JBoss-2.2.2_Tomcat -3.2.2 to the current production version (JBoss-2.4.1a_Tomcat-3.2.3) fails on security. I have a secured servlet which calls a finder method on an Entity EJB (myEJB). Debugging the servlet shows that the principal is not null but the line which calls the finder on the EJB fails and produces the following trace:

[EmbeddedTomcatSX] 2001-09-21 17:41:02 - Ctx( /emps ): Exception in: R( /emps + /servlet/settings + null) - javax.servlet.ServletException: checkSecurityAssociation; nested exception is:
 java.lang.SecurityException: Authentication exception, principal=null
 at gov.dol.ocfo.emps.control.web.CriterionSelect.processRequest(CriterionSelect.java:186)
 at gov.dol.ocfo.emps.control.web.CriterionSelect.doGet(CriterionSelect.java:197)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
 at org.apache.tomcat.core.Handler.service(Handler.java:287)
 at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
 at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
 at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
 at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
 at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
 at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
 at java.lang.Thread.run(Thread.java:484)
Root cause:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
 java.lang.SecurityException: Authentication exception, principal=null
java.lang.SecurityException: Authentication exception, principal=null
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:168)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:92)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:106)
 at org.jboss.ejb.EntityContainer.invokeHome(EntityContainer.java:420)
 at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:437)
 at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:237)
 at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)
 at $Proxy120.findAll(Unknown Source)
 at gov.dol.ocfo.emps.control.web.CriterionSelect.processRequest(CriterionSelect.java:128)
 at gov.dol.ocfo.emps.control.web.CriterionSelect.doGet(CriterionSelect.java:197)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
 at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
 at org.apache.tomcat.core.Handler.service(Handler.java:287)
 at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
 at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
 at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
 at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
 at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
 at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
 at java.lang.Thread.run(Thread.java:484)

Is there anything I need to change in my code or deployment descriptors to make it work in 2.4.1a? This works fine in 2.2.2. Thanks in advance.