I did this: * Set up JAAS framework so that I can log into jBoss application via a login servlet. * The login servlet, upon authorization, redirects me to another servlet called TestPropagation. * TestPropagation find an entity bean and then calls EntityContext.getCallerPrincipal(), via the bean's context. The Principal object returned is null. Why isn't the security identity authorized during the login servlet propagated to the TestPropagation servlet? How is this accomplished in such a way that we can predict what the Principal object should be? Regards, Charlie -- -------------------------------------------------------------- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] List Help?: [EMAIL PROTECTED]