We have a little problem using EJBContext.getCallerPrincipal() from ejbCreate(). We have the following situation:
* BeanA calls getCallerPrincipal() from its ejbCreate().
* BeanB does not.
If BeanA.create() is called first, we get IllegalStateException, no security context set.
If BeanB.create() is called first however, BeanA.create() works just dandy.
I'm a little unsure what is the correct behavior here. Reading the spec at page 80, it says that getCallerPrincipal should be callable from ejbCreate(). However, on page 436 it says that it should only be accessed from 'business methods'.
Any help greatly appreciated.
It all depends if you set the security context? What I mean is that before using any EJB that call getCallerPrincipal you should be an authenticated user in JBoss. This can be achieved using JAAS LoginModule.