I am developing a client server app using JBoss and ejb3. I have a client based on eclipse and they work very nicely together. I was using an existing login mechanisim but decided to start using the new ejb3 security annotations etc. instead.
My question here is what is the best pratice with ejb3. I have set up a custom JAAS login handler module with a LoginContext connecting to my backend database which is fine. The problem I see though is that the logged in principal etc is not propagated to subsequent ejb access once a successful login has occurred. When I use the JNDI InitialContext method the login works fine, the principal is also propagated via the initialContext lookups.

What is the best approach here? Should I be mixing JNDI and JAAS but how do I propagate the principle etc.

Comments !!!!!