[jboss-jira] [JBoss JIRA] (EJBTHREE-2274) GetCallerPrincipal in timeout callback doesn't behave correctly

GetCallerPrincipal in timeout callback doesn't behave correctly ---------------------------------------------------------------- Key: EJBTHREE-2274 URL: https://issues.jboss.org/browse/EJBTHREE-2274 Project: EJB 3.0 Issue Type: Bug Reporter: arjan tijms Labels: exception, security, timer When {{getCallerPrincipal}} is called from within a timeout callback method, JBoss AS either throws an exception or returns the unauthenticated identity, but with the roles of the principal that scheduled the timer (if any). Per section 18.2.5.3 of the EJB 3.1 specification this is not correct: {quote} Since a timeout callback method is an internal method of the bean class, it has no client security context. When getCallerPrincipal is called from within a timeout callback method, it returns the container's representation of the unauthenticated identity. {quote} EJBTHREE-1036 seems related.