Are you saying, since MDBs dont have a client to access them, there is no way i can get callerPrincipal ?
Yes, as there is no authentication in place, there is no Principal involved (unless you have something ejb-container vendor dependent feature)
From the EJB3.1 specs:
5.4.13 Security Context of Message-Driven Bean Methods
A caller principal may propagate into a message-driven bean's message listener methods. Whether this occurs is a function of the specific message-listener interface and associated messaging provider, but is not governed by this specification.
Where do you you thought you would get your Principal from?
Does RunAs not alter the caller principal atleast on Session beans?
Nope, The RunAs annotation just tells the bean to play in another role (you are altering the Role of the Principal, not the name)
What are my alternatives.
Check the messaging provider if and how it is possible to map a user to a MDB.
Regards,
Frits