Well, I found it. The principal is actually not set, that's why the weld proxy throws that exception. Neither is it possible to get it from session bean context. The reason for that is that Liferay by default does not use JAAS to authenticate but use it's own framework. There is a jaas login module but it's too limited since JBoss implementation essentially only permits username and password to be submitted to authentication.