2 Replies Latest reply on Mar 8, 2004 1:39 PM by nishantk

    getCallerPrincipal returns only the Unauthenticated Role

    nishantk

      I have been struggling with JAAS for a while, but have not found any documentation or a topic that completely addresses my issue (or I have seen it but was not able to recognize it).

      This question is related to receiving the Principal from the SessionContext of a Stateless Session Bean. The bean is accessed using a factory-based API class that I can execute from the command line. In the factory class, the user logs in using the following code:

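      // lc is a javax.security.auth.login.LoginContext declared outside this snippet
      try {
          // "mydomain" is the name of the JAAS login configuration entry to use
          MyCallbackHandler cbhandler = new MyCallbackHandler(userId, pwd);
          lc = new LoginContext("mydomain", cbhandler);
      }
      catch (LoginException le) {
          le.printStackTrace();
          throw new Exception(le);
      }

      try {
          // Runs the login modules configured for "mydomain"
          lc.login();
      }
      catch (LoginException le1) {
          le1.printStackTrace();
          throw new Exception(le1);
      }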

      After this, from another method, the factory class instantiates the Home object reference and calls the create method to return an instance of the remote interface. I can then call a method on the remote interface.

      On calling a method, that method in the EJB implementation executes the following code:

      String loggedInUser = getSessionContext().getCallerPrincipal().getName();

      Even after the successful login, the value of loggedInUser is always "Unknown", which is the unauthenticated identity set up in the deployment descriptor.

      How can I get the EJB to recognize the user I logged in as? Do all the method invocations need to somehow be wrapped in a doAs call (which would require creating some kind of privilegedAction class wrapper around all my Session Beans, of which I have quite a few)? If so, what do I wrap?

      Tx,
      Nishant