> I am using DatabaseerverLoginModule (Oracle, which
> succcessfully authenticates the user when entering my
> secure area. Then I call a BMP entity bean from the
> servlet and within the bean call
> .getCallerPrincipal()on the EntityContext object.
Did you specify a security domain for the bean? (jboss.xml in the ejb.jar)
If that doesn't help, please tell me exactly what you are doing: are you using standard web security for your serlvet(s)? When is the user authenticated using the DatabaseerverLoginModule, is it a web user; for which domain (web or ejb) did you configure this module...?
> it was also neccessary to log in to the client-module
> but as far as i can tell this is no longer necessary
> in jboss3.x. Can anyone confirm/deny this and if it
> is neccessary is there a good resource on it?
If your servlet is authenticated using standard jboss (jetty) authentication, the use of a ClientLoginModule is not necessary (if that is what you mean...), propagating security context is done by the jboss-jetty integration code (JBossUserRealm to be precise).