The error indicates that the ejb calling getCallerPrincipal has not been assigned a security domain. You need to set this via the jboss.xml descriptor for the ejb as described in the JAAS Howto post in this forum.
My beans are both assigned to the same security domain, S. This can be seen in jboss.xml
Surely if bean A CAN access B and both beans are assigned to the same domain, then getCallerPrincipal() should return the correct Principal?
Please forgive my ignorance, I believe I need to dig more into security propagation of EJBs. If I get any more problem, I will ask again!