Yes, but in order to be completely compliant, I think the getCallerPrincipal() should
simply return a SimplePrincipal("anonymous") or something when there is no
security domain configured.
This is currently not the case in the EJB3 code, however the 2.1 code looks better?
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3961793#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...