0 Replies Latest reply on May 19, 2009 9:38 AM by roberto roberto

    Doubts about getCallerPrincipal and Servlet under Run-As

    roberto roberto Novice

      I have a ear/war under j2ee security.

      I have a Servlet defined as RUN-AS becuase it is necessary to use it also if the user is not logged in.

      This servlet call a Stateless EJB Session.
      This EJB Session ask to the SessionContext the Principal (getCallerPrincipal )

      But even if the user is logged or not.. the principal returned is always "anonymous"...

      Should it instead the real authenticated user if is really logged ?
      I believe yes... but I'm not sure.

      I test it under JBoss 4.2.2 and JBoss 5.0.1

      Any idea?