Although an MDB has no client, it can still call isCallerInRole and getCallerPrincipal, as per Table 4, Section 5.5.1 of the EJB 3.1 Specification.
As per Section 17.2.5.1, "getCallerPrincipal returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."
If the security identity has not been established, getCallerPrincipal() will return a non-null principal that corresponds to the container’s representation of the unauthenticated identity.
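The following MDB is an added example, not code from the original page or from the EJB specification. It shows why a non-null result from getCallerPrincipal() must not be read as proof of authentication. The class name AuditMdb, the role "auditor" and the entries in UNAUTHENTICATED_NAMES are assumptions; the name of the unauthenticated principal is container-specific.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RunAs;
import javax.ejb.ActivationConfigProperty;
import javax.ejb.MessageDriven;
import javax.ejb.MessageDrivenContext;
import javax.jms.Message;
import javax.jms.MessageListener;

// Destination binding is left to the vendor deployment descriptor.
@MessageDriven(activationConfig = @ActivationConfigProperty(
        propertyName = "destinationType", propertyValue = "javax.jms.Queue"))
@DeclareRoles("auditor")   // hypothetical role name
@RunAs("auditor")          // used for calls this bean makes, not by getCallerPrincipal()
public class AuditMdb implements MessageListener {
    private static final Logger LOG = Logger.getLogger(AuditMdb.class.getName());

    // Assumption: names a container might give the unauthenticated identity.
    // The real value is container-specific; confirm it for your server.
    static final Set<String> UNAUTHENTICATED_NAMES =
            new HashSet<String>(Arrays.asList("anonymous", "ANONYMOUS", "guest"));

    @Resource
    private MessageDrivenContext ctx;

    // A non-null principal is not evidence that anyone authenticated.
    static boolean isUnauthenticated(Principal p) {
        return p == null || p.getName() == null
                || UNAUTHENTICATED_NAMES.contains(p.getName());
    }

    @Override
    public void onMessage(Message message) {
        Principal caller = ctx.getCallerPrincipal();   // never the run-as identity
        boolean inRole = ctx.isCallerInRole("auditor");
        if (isUnauthenticated(caller)) {
            // No established identity: make no authorization decision from the caller.
            LOG.fine("No established security identity; skipping caller-based checks");
        } else {
            LOG.info("caller=" + caller.getName() + " inAuditorRole=" + inRole);
        }
        // Message handling continues here.
    }
}
```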