I would like to ask if the annotation RolesAllowed works in EJB Layer and also if it is possible to get caller principal in EJB layer(I need it for logging user actions). I tried to get principal with this method https://docs.oracle.com/cd/E19316-01/819-3669/bncaa/index.html but user’s name is just anonymous. Maybe this causes the problem, but I am not sure:
https://github.com/vaadin/cdi/blob/f2dc922230797ebcab1dc106ecc7c3208c7b4d5f/vaadin-cdi/src/main/java/com/vaadin/cdi/internal/CDIUtil.java#L35
InitalContext is created without any properties map so EJB layer does not know which use calls it?
Also I got working RolesAllowed on CDIView after defining class extending JaasAccessControl.