When using JAX-RS EJBs one supplies the @SecurityDomain annotation and is able to inject a SecurityContext. But I am now trying to get hold of a SecurityContext in a ContainerRequestFilter from the filter's ContainerRequestContext. The UserPrincipal seems to be null. How could one get a UserPrincipal from within a ContainerRequestFilter? I need it for some sort of revocation policy.