There is no way of getting at user information because Message Driven Beans are anonymous.
The EJB Spec. 2.0 says, on Page 320, "Invoking the getCallerPrincipal and isCallerInRole methods is disallowed in the message-driven bean methods because the Container does not have a client security context".
You could use a "run-as" principal within the Deployment Descriptor to supply a role that is allowed to perform the methods that you wish to access (see Page 447).
That still doesn't give you access to the real identity of the message sender, but would allow you to call the secured Session Bean.
OK, I understand. That's bad news.
Can I get a workaroud, sending the username and password in the JMS Message, creating the LoginContext and doing loginCxt.login() ?
Thanks for your reply.