Ah, yes. I am making the call from an unsecured element. I'm using struts, and the call is from the action class, through a service level facade, to the sesion ejb. Only the jsps were defined as secured in the web collection.
If I secure everything in the web-collection (using url-pattern /*) the principal is recognized in the session ejb and is available to the next page, so it looks like that's the cause. Thanks very much. I only wish I'd asked here last week before the dent in the wall made by my head had become so deep. Cheers, Jon View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3874896#3874896 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3874896 ------------------------------------------------------- This SF.Net email is sponsored by: New Crystal Reports XI. Version 11 adds new functionality designed to reduce time involved in creating, integrating, and deploying reporting solutions. Free runtime info, new features, or free trial, at: http://www.businessobjects.com/devxi/728 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user