We have been doing some testing using servlets calling EJB's from within
Orion and we are consistently getting the wrong caller principal from the
EntityContext.getCallerPrincipal method. We set up the properties object
for InitialContext with java.security.principal/credential and we've also
tried the RMIApp.java properties of username/password. No matter what we
set, we always get "guest" for the calling principal.

If I do the samething from a different JVM, the bean gets the correct
principal. This is a major problem for us as the BMP implementation is
using the value from getCallerPrincipal to enforce ACL's.



Reply via email to