> I've got a Security Exception, i.e. "username=null"
> and so on. In ejb1->method_B()is a call to invoke
I suppose your method_C in ejb2 is also in a security environment.
So, the way I see it, your ejb1 is a client of ejb2. You have authenticated for calls from a client to ejb1, but not for ejb1 being a client of ejb2, so you would need to perform the client side login within ejb1 before it accesses ejb2.
Many thanks for your reply.
I've tried out your suggestion and encountered the following cases:
1. If ejb1 is a stateless session bean, then no need to perform a client side login in order to invoke ejb2->method_C()successfully.
2. However, if ejb1 is a message driven bean, then even with a client side login (feeding in the correct username and password) I would still get a Security Exception (principal=null) on invoking the ejb2->method_C() call in ejb1.
Does anyone know what may be the cause of the Security Exception due to the message driven bean? Any possible solution or is this a bug?