And questions regarding what is returned by the service being null. The usual response is that the web.xml file has to be configured to handle security. My question is this: I don't care about security and authentication, is there a way I can have the service identify what client made the request? Specifically, I make a request to the server via a client and have the Web service determine the userID of the client. I'm trying to get the service to display something like "userID <userIdName> made a request to service <serviceName> from <IPAddress>." No authentication is needed, just information displayed from the service.
The IP address can be obtained from the HttpServletRequest, I believe. This will not be available if the web service is EJB-based.
Standard Java EE security will not supply the name of a user, but only that of the principal and the client needs to present credentials in order for the principal to be set.
There is, as far as I know, no mechanism in HTTP that enclose a user id with every request.