Standard way. J2EE defined, similar to security in servlet context.
This is categorized as programmatic security.
Right, thanks Steve, but I had cottoned on to that one already. What I need to know is, once I've got my userId, can I store it in EJB anywhere?
What the equivalent of the HTTP session?
Is it possible to edit the caller principal object?