On table 12 p344 of the EJB spec, it states that getCallerPrincipal() as one of the methods that can be called within a message listener method (i.e. onMessage()). Does anyone know why it is legal to call getCallerPrincipal, when there is no 'direct' caller for a message driven bean?
"Invoking the getCallerPrincipal() and isCallerInRole(...) methods is DISALLOWED in the message-driven bean methods because the Container DOES NOT HAVE a client security context. The Container MUST throw and log the java.lang.IllegalStateException if either of these methods is invoked."
The above explanation makes sense to me. I am confused as to why the EJB spec states 'getCallerPrincipal()' as one of the methods allowed to be called. I will assume it is an error on the EJB spec. But can someone confirm?