EJB Security: Not getting correct name in Principal

Hello,

I am trying out to implement security in EJB3, with stand alone client. Here is the code.

Client

public class MyDelegate {

public static void main(String args[]){
		new MyDelegate().hello();
	}
	
	Student hello(){
		try{
		Properties properties = new Properties();
		properties.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory"
		);
		properties.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
		properties.put("java.naming.provider.url","localhost:1099");

System.setProperty("java.security.auth.login.config", "client.conf");
		System.setProperty("java.security.policy", "client.policy");
		
		
		//System.out.println(""+TestBean1.class.getSimpleName());
		Context context;
		try
		{
			
		LoginContext loginContext=null;
		try {
			loginContext = new LoginContext("HelloClient", new CallbackHandler("vishal.shukla","vishal"));
			loginContext.login();
		} catch (LoginException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
			
			
		context = new InitialContext(properties);
		System.out.println("Going to lookup TestBean");
		HelloUserRemote beanRemote = (HelloUserRemote)
		context.lookup("java:/HelloUserBean/remote");
		Student st = new Student();
		st.setName("Vishal");
		st.setSchool("S");
		Student s = beanRemote.hello(st);
		System.out.println("Completed lookup TestBean");
		return s;
		} catch (NamingException e)
		{
			e.printStackTrace();
		
		throw new RuntimeException(e);
		}catch(EJBException e){
			e.printStackTrace();
			throw new RuntimeException(e);
		}
		
		} catch(Throwable t){
			t.printStackTrace();
			throw new RuntimeException();
		}
		
	}
}

LoginModule

public class PasswordLoginModule implements LoginModule {

private Subject subject;
	/**
	 * the callback handler is the mechanism to collect authentication data
	 */
	private javax.security.auth.callback.CallbackHandler callbackHandler;
	/** credentials: username and password */
	private String username;
	private char[] password;

/**
	 * Initializes us with a particular subject to which we will later add the
	 * collected password data.
	 */
	public void initialize(Subject subject,
			javax.security.auth.callback.CallbackHandler callbackHandler,
			Map sharedState, Map options) {
		this.subject = subject;
		this.callbackHandler = callbackHandler;
	}

/**
	 * Authenticate the user by prompting for a user name and password. It is
	 * called when the client tries to log in.
	 * 
	 * @return true in all cases since this <code>LoginModule</code> should not
	 *         be ignored.
	 * @exception FailedLoginException
	 *                if the authentication fails.
	 * @exception LoginException
	 *                if this <code>LoginModule</code> is unable to perform the
	 *                authentication.
	 */
	public boolean login() throws LoginException {
		// prompt for a username and password
		if (callbackHandler == null) {
			throw new LoginException("Error: No CallbackHandler "
					+ "available to collect authentication information");
		}
		// set up a name callback and a password callback
		Callback[] callbacks = new Callback[2];
		callbacks[0] = new NameCallback("username: ");
		callbacks[1] = new PasswordCallback("password: ", false);
		try {
			// let handler handle these
			callbackHandler.handle(callbacks);
			// get authentication data
			username = ((NameCallback) callbacks[0]).getName();
			if (username == null) {
				throw new LoginException("No user specified");
			}
			char[] tmpPassword = ((PasswordCallback) callbacks[1])
					.getPassword();
			if (tmpPassword == null) {
				// treat null password as an empty password
				tmpPassword = new char[0];
			}
			password = new char[tmpPassword.length];
			System.arraycopy(tmpPassword, 0, password, 0, tmpPassword.length);
			((PasswordCallback) callbacks[1]).clearPassword();
		} catch (java.io.IOException ioe) {
			throw new LoginException(ioe.toString());
		} catch (UnsupportedCallbackException uce) {
			throw new LoginException("Error: No Callback available "
					+ "to collect authentication data :"
					+ uce.getCallback().toString());
		} catch (Exception e) {
			e.printStackTrace();
		}
		// The client side login module will always succeed. The
		// actual login will take place on the server side when the
		// security context is passed.
		return true;
	}
        // .... And other required methods.

CallbackHandler

public class CallbackHandler implements
		javax.security.auth.callback.CallbackHandler {
	
	
	private String userName;
	private String password;
	
	public CallbackHandler(String userName, String password){
		this.userName = userName;
		this.password = password;
	}
	// TODO Auto-generated method stub
	/**
	 * @param callbacks
	 *            an array of <code>Callback</code> objects
	 * 
	 * @exception java.io.IOException
	 * @exception UnsupportedCallbackException
	 *                if the <code>callbacks</code> parameter contains unknown
	 *                callback objects
	 */
	@Override
	public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
		for (int i = 0; i < callbacks.length; i++) {
			if (callbacks[i] instanceof NameCallback) {
				// prompt user for name
				NameCallback nc = (NameCallback) callbacks[i];
				nc.setName(userName);                          [b] // Should this be retrieved in the name property of Principal?[/b]
			} else if (callbacks[i] instanceof PasswordCallback) {
				// prompt user for password
				PasswordCallback pc = (PasswordCallback) callbacks[i];
				pc.setPassword(password.toCharArray());
			} else {
				throw new UnsupportedCallbackException(callbacks[i],
						"nrecognized Callback");
			}
		}
	}

}

Bean method

When I print "name" property of principal in bean, I am not getting the name I had set in the NameCallback. Is there any flaw in this implementation? I am having this doubt because I am not prompting for userName and password in callback handler. Instead I am directly passing userName and password in the constructor. Is this implementation legal? I have done this because, I want to integrate this in the servlet later. I am not using J2EE authentication in the web layer and I need to use EJB security.

Waiting for some help. Thanks in advance.

I need to integrate authentication to EJB quickly. Can someone please explain how and when Principal is set before EJB method is called? I read in many of the books but didn't find appropriate explanation any where..

Please help...