I have some questions about JAAS. 1. How do I map principal to Role in Ap Server(ex:JBoss)? 2. When do I need to execute Subject.doAs...? 3. When the authenticated subject has several principals, which one will be caller principal for EJB call?