This is really confusing. Ih ave been going thru the specs and I really don't know what to think. Now here's the question :
Given the session bean with a run-as identity, What is returned from getCallerPrincipal when invoked from the bean's business method ??
A. the run-as identity.
B. the principal associated with the client invocation.
Now the answer states A as the correct option. But the ejb-2.0 specs on the page number 437 clearly state that
"Note that getCallerPrincipal() returns the principal that represents the caller of the enterprise bean, not the principal that corresponds to the run-as security identity for the bean, if any."
Which one is correct.