Ive read the articles and docs but i still dont have a clear understanding of why the Caller Principal role group should be used. I know if the LoginModule cant find an entry for the role group named "CallerPrincipal" EJBContext.getCallerPrincipal() returns the client identity Principal. Why would this not be the desired behaviour?