Make sure you secure your servlet and that you are logging in. If your servlet isn't secured, a null Subject is passed on to the EJB layer.
The configuration in the server/default/conf/login-config.xml for the "handlerName" configuration must include the org.jboss.security.ClientLoginModule in order to propagate the credentials to the ejb layer correctly. This is the default configuration for clients.
Thanks to Scott!
<login-module code = org.jboss.security.ClientLoginModule" flag = "required">
<application-policy name = "handlerName"> in login-config.xml works very well!