Hello, I have posted a similar question on the ejb3 forum but the conversation there has lead me to believe this is a better place to address it.

Here is the situation:

I have a struts/EJB3 application. The user logs in through an HTML Form which is backed by j_security_check. The user is then able to see certain areas of the application based on their roles.

In the EJB tier, I need to do some filtering based on these user roles, so I call sessionContext.getCallerPrincipal(). When this is called from the EJB tier (stateless session bean) it throws an illegal state exception, regardless of whether a user is logged in to the system or not.

This worked fine in EJB 2.1 but now that I'm migrating to EJB 3.0 it is not working. Some folks in the other forum mentioned that I may not have a LoginContext initialized but from what I've read, JBoss will set up a LoginContext for me when I use j_security_check.

I need to be able to call sessionContext.getCallerPrincipal() from the session bean in order to limit data retrieval on the EJB side based on user privileges to enhance performance.

Thank you in advance for your consideration and assistance!