[jboss-jira] [JBoss JIRA] (AS7-3154) GetCallerPrincipal in timeout callback doesn't behave correctly

GetCallerPrincipal in timeout callback doesn't behave correctly ---------------------------------------------------------------- Key: AS7-3154 URL: https://issues.jboss.org/browse/AS7-3154 Project: Application Server 7 Issue Type: Bug Components: EJB Affects Versions: 7.1.0.CR1b Reporter: arjan tijms Labels: exception, security, timer Fix For: 7.1.0.Final Attachments: EJBTHREE-2274.zip When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS either throws an exception or returns the unauthenticated identity, but with the roles of the principal that scheduled the timer (if any). Per section 18.2.5.3 of the EJB 3.1 specification this is not correct: {quote} Since a timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within a timeout callback method, it returns the container's representation of the unauthenticated identity. {quote} EJBTHREE-1036 seems related.