Hi
I have a ear/war under j2ee security.
I have a Servlet defined as RUN-AS becuase it is necessary to use it also if the user is not logged in.
This servlet call a Stateless EJB Session.
This EJB Session ask to the SessionContext the Principal (getCallerPrincipal )
But even if the user is logged or not.. the principal returned is always "anonymous"...
Should it instead the real authenticated user if is really logged ?
I believe yes... but I'm not sure.
I test it under JBoss 4.2.2 and JBoss 5.0.1
Any idea?
Thanks