The spec still says that getCallerPrincipal cannot return null. Whether or not there is an
unauthenticated identity has been a function of the security domain. Personally I wanted
to see the getCallerPrincipal changed to be consistent with the web tier getUserPrincipal
and return null if there was no caller, but the change was viewed as incompatible.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961568#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...