Hi, I am very new to J2EE and have just started out with WebLogic security. I have one question that I couln't get answered in any weblogic doc's. How is principal(user) identity propogation handled throught weblogic. Lets say for instance I log in as some user in the server from a servlet, that servlet in turn calls session beans and those session beans in turn call these regular java classes (no beans or servlets or jsps; just java). Could I retrieve the principal(users identity) in these java classes for the user that is currently using the services. The reason for me to ask this questions is that I would like to provide a security wall at the point where these java classes have to do some authorization to continue. I would really appreciate any help that I can get. Thank you, Jay.