I am thinking about "improving" security for my EJB applications. The mechanism we currently use in Jboss is to check whether the caller has permission. I want to make this be more strict by checking which method (of which bean) is calling (assume that beans are in the same container)
In the org.jboss.ejb.plugins.SecurityInterceptor class, we can easily get calling Principal. Can we get the information of the calling methods?